Who we are
Vesuvian is a UK-based technology service operated by Vesuvian Limited. We provide AI-powered business assistant software to small and medium businesses.
For data protection purposes, Vesuvian is the Data Controller for information collected through our website and platform. For data processed on behalf of our clients through the platform, Vesuvian acts as a Data Processor and our clients are the Data Controllers.
Contact us regarding data protection: info@vesuvian.uk
What data we collect and why
Account and identity data: When you register, we collect your name, email address, and the name of your business. We use this to provide your account, send service communications, and identify you within the platform. Legal basis: contract performance.
Usage data: We record which AI tools are used, query counts, and token consumption per session. We do not store the content of your queries or AI responses beyond your current session. This data is used for billing, abuse prevention, and service improvement. Legal basis: legitimate interests.
Audit log data: For accounts where the feature is enabled, we store a record of queries made by each user including a summary of the question asked, the tools used, and the timestamp. This is visible to the account owner and to Vesuvian administrators. Legal basis: contract performance and legitimate interests.
Technical data: IP addresses, browser type, and device identifiers collected through standard server logs and analytics. Retained for 90 days. Legal basis: legitimate interests.
Communications: If you contact us by email, we retain that correspondence. Legal basis: legitimate interests.
Data we do not collect or store
We do not store the content of files you attach to conversations. Files are processed in memory and discarded immediately after your query is answered.
We do not store the full content of AI conversations beyond your current session. Conversation history displayed in the sidebar is stored to provide continuity within the platform but is not used for any other purpose.
We do not sell your data to any third party. Ever.
How your business data is processed
When you connect your business systems (Gmail, Xero, Google Drive, etc.) to Vesuvian, queries about your data are processed as follows: your question is sent to Anthropic’s Claude API alongside the relevant data retrieved from your connected systems. Anthropic processes this under their API terms. Anthropic retains API inputs and outputs for up to 7 days for abuse monitoring purposes and does not use this data to train AI models. We have signed Anthropic’s Data Processing Addendum. Your data is never used to train any AI model.
Third-party processors we use
| Processor | Purpose | Location |
|---|---|---|
| Anthropic | AI query processing | USA (SCCs in place) |
| Supabase | Database hosting | EU |
| Vercel | Application hosting | EU (lhr1 region) |
| Railway | MCP server hosting | EU |
| Transactional email (Gmail API) | USA (SCCs in place) | |
| Google Analytics | Website analytics (with consent) | USA (SCCs in place) |
| Sentry | Error monitoring | EU |
Your rights under UK GDPR
You have the right to: access your personal data, correct inaccurate data, request erasure, restrict processing, data portability, and object to processing. To exercise any right, email info@vesuvian.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the ICO at ico.org.uk.
Data retention
- Account data is retained for the duration of your contract plus 12 months.
- Audit logs are retained for 12 months.
- Usage records are retained for 24 months for billing dispute purposes.
- You may request earlier deletion.
Changes to this policy
We will notify active users by email of material changes at least 14 days before they take effect.