Privacy notice

Last updated 6 May 2026

VectorFlow ("we", "us") is building the agentic operating layer for insurance. This notice explains how we handle personal data submitted through the contact form on runvectorflow.com. Questions? [email protected].

Who we are

VectorFlow is operated by Zineb Taleb and Zakaria Hajji as a founding team. For any privacy question, write to [email protected].

What we collect

Only what you provide on the contact form:

Your first and last name
Your work email address
The company you work at
Optionally, your role and a message
The timestamp of submission

We do not place cookies, fingerprint your browser, or log your IP address on the contact flow. See "Site analytics" below for the cookieless aggregate analytics we run on the rest of the site.

Why we collect it

Legal basis. Consent — Article 6(1)(a) GDPR. Submitting the form with this notice linked beside it is your consent.
Purpose. To reply to your enquiry and, if a conversation begins, to follow up about a possible commercial relationship.

We will not use your details for any other purpose without asking you again.

How long we keep it

For the duration of any active conversation, plus up to 24 months afterwards for our records. If you ask us to delete your data earlier, we will do so within 30 days.

Who processes it on our behalf

We use a small set of third-party processors:

Cloudflare, Inc. (United States) — hosts the site and runs the API endpoint that receives your submission.
Resend, Inc. (United States) — delivers the notification email to our inbox and the confirmation email back to you.
PostHog, Inc. (EU region — Frankfurt, Germany) — receives the cookieless analytics events described in "Site analytics" below. No contact-form data is sent to PostHog.

Each is bound by its standard data-processing terms. We do not sell or share your data with anyone else.

International transfers

The processors above store data in the United States. Transfers rely on the EU–US Data Privacy Framework adequacy decision (2023) and, where applicable, standard contractual clauses.

Your rights

Under GDPR you have the right to:

Access the data we hold about you
Have it corrected if it is wrong
Have it deleted (the "right to be forgotten")
Withdraw your consent at any time
Object to or restrict processing
Receive your data in a portable format
Lodge a complaint with your national data protection authority

To exercise any of these, email [email protected] from the address you used to contact us. We respond within 30 days.

Unsubscribing

Every email we send includes a one-click unsubscribe header. You can also reply to any of our emails with "unsubscribe" and we will remove you immediately.

Cookies and tracking

runvectorflow.com does not use cookies, advertising trackers, or cross-site fingerprinting. The cookieless analytics described below is the only telemetry we run.

Site analytics

We use PostHog, hosted in the EU region (Frankfurt, Germany), in a strictly cookieless configuration to understand which pages people read and which CTAs they use. Concretely:

No cookies are set. PostHog stores nothing in your browser between visits — each session is anonymous and ends when you close the tab.
No session replay, no surveys, no heatmaps, no feature-flag identification.
What's collected: page URL, viewport size, referrer, anonymised user-agent, country (derived from IP at ingestion and then discarded — IPs are not stored), and named interaction events such as opening the contact modal or submitting the form (the form's actual content is never sent to PostHog).
Legal basis. Legitimate interest — Article 6(1)(f) GDPR — for measuring traffic to a B2B marketing site without identifying visitors. Because no cookies or identifiers are stored on your device, no consent banner is required under ePrivacy.

Changes to this notice

If we materially change how we process your data, we will notify anyone with active correspondence before the change takes effect.