Data ownership and processing
Your organization is the data controller under the Data Processing Agreement we sign with every customer. Vantage Inc. is the processor. We act only on documented instructions from your organization. We do not sell, rent, lease, or share customer data with any third party for advertising, analytics, or model training.
Where data lives
Production data lives in AWS us-east-1 by default. Application data is isolated by tenant via Postgres row-level security and org-prefixed object storage paths. Other regions are available on request for organizations with data-residency requirements.
Device authentication
Each enrolled macOS device authenticates with mutual TLS using a per-device certificate issued at enrollment. The agent never holds long-lived cloud credentials. Token revocation is immediate from the operator console.
Tiered retention
Every data class has an expiry that your organization sets:
- Raw spans (short-lived activity events) — default 7 days, max 30
- Structured sessions — default 60 days, max 1 year
- Activity cards & audit trail — default 1 year, max 7 years
- Full org deletion — fully supported, signed off by Vantage and confirmed by the organization
Operator access
All operator access is logged in an append-only, hash-chained audit log. The log records who accessed which device's record, when, from which IP, and what action was taken. Audit log entries are tamper-evident — any modification breaks the chain.
What Vantage does not capture
By design and by entitlement:
- No microphone audio
- No camera or webcam feeds
- No password-field typing
- No data leaves your tenant uninstructed
- No model training on your data — LLM sub-processors are configured for zero retention
Compliance posture
SOC 2 Type I control design is in progress with a target Q4 2026 readiness window. We frame this honestly — we do not claim controls we have not implemented.
Vantage supports deployments for organizations with sector-specific compliance requirements (HR data, regulated industries, education) — executed through the DPA and customer agreement, with template policy language we provide.
Disclosure and acceptable use
Vantage is deployed openly. The agent has no menu-bar UI by default — not to hide, but to avoid interrupting work. Disclosure to end-users is the organization's responsibility, executed through your acceptable-use policy or workplace handbook. We provide template language.
Vulnerability reporting
Security researchers can report vulnerabilities to cruce.saunders@alpha.school with subject line beginning with [SEC]. We acknowledge within two business days.
DPA & sub-processor list
The Vantage Data Processing Agreement template is available for review by your counsel during pilot evaluation. Sub-processors are listed within the DPA and updated with 30 days' notice for material changes.