top of page

Privacy Policy

Effective Date: May 16, 2025

​

This Privacy Policy ("Policy") governs the manner in which Vertical Fish LLC, a Utah limited liability company, including its subsidiaries, affiliates, successors, assigns, and any related entities (collectively, "Vertical Fish," "Company," "we," "us," or "our") collects, uses, maintains, discloses, and protects information collected from users ("User," "you," or "your") who access or use our Website located at https://www.verticalfish.ai, related applications, AI systems, APIs, services, communications, and all other platforms owned and operated by Vertical Fish (collectively, the "Services").

​

Vertical Fish LLC is headquartered at 35 West Broadway, Suite 501, Salt Lake City, Utah 84101, USA. This Policy reflects our commitment to comply with all applicable data protection regulations and privacy frameworks including, but not limited to, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), the Children's Online Privacy Protection Act (COPPA), and the Payment Card Industry Data Security Standards (PCI DSS).

​

1. DEFINITIONS AND SCOPE

​

1.1 Personal Data refers to any information relating to an identified or identifiable natural person, including but not limited to name, email address, location data, online identifiers, voice recordings, health data, and behavioral insights derived from AI interactions.

1.2 Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, storage, use, access, alteration, deletion, disclosure, or transmission.

1.3 This Policy applies to all Users of the Services, including but not limited to customers, clients, site visitors, third-party vendors, independent contractors, and individuals interacting with Vertical Fish AI-powered platforms (voice, chat, or embedded integrations).

 

2. INFORMATION WE COLLECT

2.1 Directly Provided Information:

  • Full name, business name, or DBA

  • Email address(es), physical address, and phone number(s)

  • Username and password

  • Payment and financial information (collected via PCI-compliant gateways only)

  • Voice or chat transcripts through AI interactions

  • User-submitted content including form entries, service inquiries, documents, and files

2.2 Automatically Collected Information:

  • IP address, geolocation data (if consented)

  • Device identifiers, browser metadata, session information

  • Clickstream and page interaction data

  • Audio recordings and AI-driven transcription files

  • Interaction logs from voice assistants, chatbots, and automated workflows

2.3 Sensitive Personal Information:

  • Health-related data where applicable (subject to HIPAA)

  • Biometric identifiers (e.g., voiceprint recognition)

  • Government identifiers (where voluntarily submitted)

  • Communications consent logs under TCPA

2.4 Third-Party Integrations:

  • Information collected through integrations with CRMs, calendars, payment processors, and business systems connected to Vertical Fish via API or webhook

 

3. PURPOSES OF PROCESSING

Vertical Fish processes Personal Data for the following lawful purposes:

  • Provision and delivery of Services, including intelligent voice/chat AI assistants

  • Authentication, billing, account maintenance, and fraud detection

  • Logging of verbal or written consent for telephonic or SMS communication per TCPA

  • HIPAA-compliant intake for health-related services when applicable

  • Enhancement of AI system performance, including supervised training of models using de-identified and anonymized interaction data

  • Personalization of Services based on past usage, preferences, and behavioral insights

  • Compliance with legal obligations and regulatory audits

 

4. LEGAL BASES FOR PROCESSING

Vertical Fish relies on one or more of the following legal bases:

  • Your explicit consent (Article 6(1)(a) GDPR; TCPA opt-ins)

  • Contractual necessity (e.g., to provide requested Services)

  • Legal obligations (e.g., HIPAA, tax reporting)

  • Legitimate business interests (provided such interests are not overridden by your fundamental rights and freedoms)

  • Public interest (as permitted by law)

5. RETENTION OF DATA

We retain Personal Data only as long as necessary to fulfill the purposes described in this Policy, or as required by law, including:

  • Financial records (7 years minimum)

  • HIPAA-related records (6 years minimum)

  • TCPA consent logs (4 years minimum)

  • AI interaction logs for internal improvement (de-identified after 90 days unless consented otherwise)

Data no longer necessary is securely deleted or irreversibly anonymized.

 

6. DATA SECURITY AND SAFEGUARDS

Vertical Fish employs a multilayered security infrastructure including:

  • Data encryption at rest and in transit (AES-256, TLS 1.2+)

  • Role-based access control and least privilege enforcement

  • End-to-end encrypted AI messaging protocols

  • PCI DSS-compliant card processing (we do not store raw card data)

  • HIPAA-compliant storage and audit trails for health-related data

  • Dedicated breach response protocols and system logging

  • Annual security audits and penetration testing

We continuously monitor our infrastructure and conduct vulnerability scans to proactively mitigate security threats.

 

7. SHARING AND DISCLOSURE OF INFORMATION

Vertical Fish does not sell, rent, or trade your Personal Data. We may share information with the following categories of recipients:

  • Authorized employees and contractors under strict confidentiality agreements

  • Cloud service providers and infrastructure vendors

  • Payment processors and banking partners (PCI-compliant)

  • Legal or regulatory bodies under court order or legal mandate

  • Healthcare business associates (for HIPAA-regulated workflows)

  • CRM or communications vendors, solely for delivery of services and with opt-out mechanisms available

All vendors undergo due diligence and are contractually obligated to maintain equivalent or greater data protection standards.

 

8. INTERNATIONAL TRANSFERS

If you are located outside the United States, your data may be transferred, stored, and processed in the United States or other countries where we or our processors maintain facilities. We implement safeguards such as Standard Contractual Clauses or Data Processing Agreements (DPAs) to ensure data protection in accordance with GDPR and other international frameworks.

 

9. YOUR RIGHTS

Depending on your location, you may have the following rights:

  • Right to know what data we collect and how it is used

  • Right to access and receive a copy of your data

  • Right to request correction or deletion (subject to exceptions)

  • Right to restrict or object to processing

  • Right to withdraw consent at any time

  • Right to data portability

  • Right to file a complaint with a supervisory authority (GDPR)

To exercise these rights, contact us at privacy@verticalfish.ai. Verification procedures may apply.

 

10. AI SYSTEMS, VOICE DATA, AND AUTOMATED DECISION MAKING

Vertical Fish employs proprietary AI technologies for voice, chat, workflow, and task automation. All interactions may be recorded, transcribed, and analyzed to:

  • Execute tasks requested by Users

  • Improve AI reliability, tone, and response accuracy

  • Detect fraud or misuse

Users interacting with Vertical Fish AI agree to such recordings for lawful business purposes. We do not make solely automated decisions with legal or similarly significant effects without your explicit consent.

 

11. CHILDREN’S DATA

Vertical Fish does not knowingly collect data from individuals under 13 (or under 16 in certain jurisdictions). If you believe a child has submitted Personal Data without appropriate consent, contact us and we will promptly delete it.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, local storage, beacons, and session trackers to:

  • Secure user sessions

  • Measure engagement and feature usage

  • Deliver relevant offers and AI enhancements

Cookie preferences may be managed via your browser or by contacting us directly. We support Do Not Track (DNT) and GPC browser signals.

 

13. POLICY CHANGES

We may revise this Policy to reflect changes in legal, technical, or business developments. Updated versions will be posted with a revised "Effective Date." Where required by law, we will notify you directly.

 

14. CONTACT INFORMATION

Privacy & Compliance Office
Vertical Fish LLC
35 West Broadway, Suite 501
Salt Lake City, Utah 84101
Email: privacy@verticalfish.ai
For GDPR-specific inquiries, please contact our appointed Data Protection Officer (DPO) at dpo@verticalfish.ai.

 

15. GOVERNING LAW & VENUE

This Policy and all matters arising out of or relating to it are governed by the laws of the State of Utah, USA, without regard to its conflict of laws provisions. Any dispute shall be subject to binding arbitration or exclusive jurisdiction of the federal and state courts located in Salt Lake County, Utah.

 

16. ENTIRE AGREEMENT

This Policy constitutes the entire agreement concerning data practices between you and Vertical Fish. It supersedes all prior and contemporaneous understandings. Any waiver must be in writing. If any provision is held invalid, the remaining provisions shall remain in full force and effect.

End of Privacy Policy

bottom of page