VisQuanta

Clear Data Practices.
Built on Transparency.

We believe in being open about how we handle your data. Explore our privacy policies, data handling practices, and service providers.

Last updated: April 2026

Core Policies

Privacy Policy
Terms & Conditions
TCPA Compliance
Cookie Policy

On This Page

DPA Intake
AI Data Handling
PII Redaction
Security Posture
Request DPA

Our Approach to Data

At VisQuanta, we understand that data privacy is critical for your business. We operate with a transparency-first approach, ensuring you know exactly what data we collect and how it is used.

We do not sell your data. Every piece of information collected is used strictly to power the services you have subscribed to, improve platform performance, and provide customer support.

Data Processing Agreements

We execute Data Processing Addendums with every enterprise client. Our customer-facing DPA is available on request. All sub-processors that handle customer data are themselves governed by executed DPAs.

Data Collection

We only collect data necessary for the operation of our services. This includes business account information, user contact details, and operational data required to power our AI tools.

Data Usage

Your data is used exclusively to provide, maintain, and improve our services. We do not sell your data to third parties.

Access Control

Access to customer data is limited to authorized personnel who require it to support the platform or respond to customer requests.

Data Retention & Deletion

We retain data only for as long as necessary to operate the platform or meet legal obligations.

Requests for data deletion can be made in accordance with our Privacy Policy.

What This Means for Your Business

Clear Ownership

You retain ownership of your business's data. We act as a processor, handling data only on your behalf and in accordance with our agreements.

Operational Integrity

Our internal policies ensure that only authorized team members involved in support or technical maintenance have access to your environment.

What We Send to AI Models

Our SMS campaign agents are built on OpenAI's API. The only customer data passed to the AI model is:

  • The prospect's first name
  • The prospect's own in-conversation messages (voluntarily provided during SMS exchange)

We do not send the following to AI sub-processors:

  • ×Phone numbers, email addresses, last names, physical addresses
  • ×CRM custom fields, lead source, lead notes
  • ×Any other personal identifying information provided to us by the client

Lead routing, dialing, and CRM storage all happen outside the AI layer.

Automatic PII Redaction at the SMS Boundary

Sensitive personal data is automatically removed from every text message the moment it enters or leaves the Visquanta platform. Social Security numbers, credit and debit card numbers (validated to avoid false positives), bank account numbers, routing numbers, driver's license numbers, and dates of birth are replaced with redaction tokens before the message is written to any database, stored in any audit log, synced to any CRM, or seen by any AI model.

Ordinary conversation data — names, phone numbers, email addresses, vehicle details, prices, and mileage — is preserved so conversations remain useful to your team. Every redaction is logged as an anonymous count (for example, "one card number redacted"); the original sensitive text is never retained, transmitted, or recoverable.

This control is enforced at the single point of entry and exit on our SMS middleware, meaning it applies uniformly to every inbound and outbound message regardless of which downstream system consumes it. The operating principle is simple: Visquanta would rather miss context in a conversation than store regulated data unnecessarily.

Security Posture

  • Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access control on all customer data
  • Our sub-processors (AWS, Vercel, OpenAI, and others) maintain their own SOC 2 Type 2 and ISO 27001 certifications. Their compliance documentation is available to enterprise clients under NDA.

Visquanta does not currently hold its own third-party security certifications and does not represent itself as SOC 2 or ISO 27001 certified. We maintain strict internal policies to protect customer data and rely on compliant sub-processors for infrastructure.

Service Providers

Amazon Web Services (AWS)Amazon Web Services (AWS)
OpenAIOpenAI
Google GeminiGoogle Gemini
VercelVercel
SupabaseSupabase
+ 10 more

DPA Requests & Compliance Questions

For DPA requests, security questionnaires, or sub-processor compliance documentation:

compliance@visquanta.comorinfo@visquanta.com
Trust & Compliance — Visquanta | VisQuanta