Privacy Policy
Last updated: May 1, 2026
Vrge is built by TRD Ventures LLC (New Mexico, USA). We believe your data is yours. This policy explains the limited data we process, the data you can choose to send to third parties through the app, and the rights you have over both.
1. Scope and controller
This policy applies to (a) the Vrge desktop application, (b) optional add-ons, (c) the getvrge.com marketing website, and (d) any email you send us. For the limited personal data we hold (see §3), TRD Ventures LLC is the data controller.
When you enable a cloud AI provider inside Vrge, you are the controller for the content sent to that provider — the provider is your sub-processor, not ours. We never proxy or log those calls.
When you run the optional self-hosted Team server, you are the controller for the data stored on your server. We have no access.
2. What the website collects
Cloudflare Web Analytics — cookieless, does not fingerprint, does not track across sites. Cloudflare retains aggregate analytics for 6 months. Legal basis (GDPR): legitimate interest in measuring traffic to a first-party site.
The site sets no third-party cookies and contains no tracking pixels. The only third-party script is the Lemon Squeezy checkout, which loads when you click a buy button.
3. What we collect when you buy or contact us
- Purchase information — name, email, country, and payment details are processed by Lemon Squeezy as Merchant of Record. We receive your email and license key; we never see or store your card number. Legal basis: performance of the purchase contract.
- License keys — tied to your purchase for activation. Retained for the life of your license plus 3 years for warranty and tax purposes. Legal basis: performance of contract; legitimate interest in tax recordkeeping.
- Support correspondence — if you email us, we keep the conversation to help you. Retained for 3 years after the last message, then deleted. Legal basis: legitimate interest in providing support and improving the product.
- Update checks — the app pings updates.getvrge.com with your current version, OS, and architecture so it can offer you upgrades. No identifiers, no content. Legal basis: legitimate interest in shipping security fixes to users.
4. What the app stores and where
Vrge is offline-first. Your projects, clients, tasks, notes, invoices, emails fetched by the observer, calendar events, bank transactions, and files all live in a local SQLite database on your machine (Tauri desktop) or in your browser's IndexedDB (web build). We have no access, no telemetry, and no phone-home behavior beyond the update check above.
The app uses browser localStorage to remember strictly-necessary preferences — your theme, your selected industry context for the AI, and your company name if you entered it. These never leave your device. Under the ePrivacy Directive, this storage is covered by the "strictly necessary" exemption, so no cookie banner is required.
5. Optional cloud AI providers
The app can, if you turn it on, send prompts to a cloud AI provider to classify emails, extract clients from threads, and similar tasks. Cloud AI is off by default. When enabled, calls go directly from your device to the provider using your own API key — we don't relay them.
Supported cloud providers and what we do with your content before it leaves your device:
- Anthropic (Claude) — privacy policy. API calls to api.anthropic.com. Data processed in the United States. Anthropic does not train on API data by default.
- OpenAI — privacy policy. API calls to api.openai.com. Data processed in the United States. OpenAI does not train on API data by default.
- Google (Gemini) — Gemini API terms. API calls to generativelanguage.googleapis.com. Data processed on Google's global infrastructure.
- Ollama (local) — runs entirely on your machine. Nothing leaves your device. Recommended if you process sensitive data.
You choose what gets sent. When you use your own cloud API key, the data goes to your own provider account (Anthropic, OpenAI, or Google) — Vrge never sees it. Because of that, the default for bring-your-own-key cloud AI is full content, which gives the observer the best extraction accuracy. You can change this in Settings → AI & Intelligence to: a redaction layer that replaces client names, emails, phone numbers, and dollar amounts with tokens; a local Ollama-generated summary that never ships raw content; or the strictest truncated-and-redacted mode. Every mode can be inspected before you commit using the "What gets sent" preview, and you can override the mode per source. Vrge Managed AI (the optional paid tier where we run inference) is different: it is always redact-by-default and never sends full raw content, because that data passes through our proxy.
AI activity log. Every cloud AI call is logged locally in Settings → AI & Intelligence: when, which provider, which task, estimated cost, and whether content was redacted. No prompt text is stored. The log retains the last 30 days / 10,000 calls and is included in your data export.
Kill-switch. One toggle in Settings disables every AI call and the observer pipeline instantly, with no confirmation dialog.
5a. Optional: Vrge Managed AI (subscription proxy)
Vrge Managed AI is an optional monthly subscription where we run the cloud inference for you instead of you bringing your own key. This section covers what happens when you subscribe. If you never subscribe, this section does not apply — §5 covers BYO-key cloud AI, and that path is unchanged.
What we log. The Managed AI proxy records metadata only for every forwarded call: your Vrge license key, the timestamp, the upstream provider (e.g. Anthropic), the selected model, input/output token counts, task type, and redaction status.
What we do not log. Prompt bodies, completion text, schema definitions, user-identifying payload fields — none of these are persisted server-side. This is a schema-level guarantee: the proxy's usage log table has no column for content, so no code path can leak it even by accident.
Redaction on the proxy. The client applies redaction before sending. The proxy verifies that redaction was applied for non-manual sources and refuses the call otherwise. Belt-and-suspenders so a client misconfiguration cannot send raw content.
Hard quota, no overage billing. Each tier includes a fixed monthly token cap. When you hit the cap, the proxy refuses further calls and your app falls back to BYO keys or Ollama. You will never be billed beyond the published tier price.
Self-serve cancel, no dark patterns. Cancellation is one click through the Lemon Squeezy customer portal. Access continues through the end of your current billing period, then stops — no auto-renewal, no retention nags, no “pause instead of cancel” flows, no win-back emails. We do not retain billing-related data beyond what Lemon Squeezy requires for tax and compliance purposes — see §8.
Self-host option. The Managed AI proxy ships as a Docker image under the same license as the app, so privacy-maximum users (legal, medical, airgapped, regulated industries) can run it on their own infrastructure with their own provider keys instead of using the cloud deployment at ai.getvrge.com.
No training, ever. Per §5, we do not ship your content to any cloud provider for training. This applies equally to Managed AI calls — we are the forwarder, not a data aggregator. We do not sell, rent, or broker your data under any circumstance.
6. Optional source integrations (Gmail, Calendar, etc.)
Vrge can watch your email, calendar, files, and bank activity to propose CRM entries for your review. All source integrations are off by default. You explicitly opt in to each one. When you connect a source, the app performs OAuth directly between your device (or your self-hosted team server) and the provider.
Supported sources as of this policy's effective date:
- Gmail (read-only)
- Google Calendar (read-only)
- Outlook Mail (read-only)
- Outlook Calendar (read-only)
- Local filesystem
- CSV bank imports
- Stripe (read-only restricted key)
When you connect a bank account through Plaid, you explicitly authorize the connection through Plaid Link, where you log into your bank directly with Plaid; we never see your bank login credentials. Plaid integration uses the read-only transactions product, which means we cannot initiate transfers, modify your account, or take any action that moves money. Stripe Connect (read-only) and PayPal Sign-In integrations work the same way, on the providers' own consent screens. Additional sources (Dropbox, QuickBooks Online, Xero) are in development.
6c. How OAuth credentials are handled
Some connected services (Plaid, Stripe Connect, PayPal) require a confidential application secret that cannot ship inside the desktop app. For these services, we operate a token-exchange relay on Vrge-controlled infrastructure that holds the secret server-side. The relay handles only the OAuth handshake — it forwards the credential exchange to the provider and returns the resulting access token to your device. The relay does not log, persist, or store the access token, your transaction data, or any user-identifying content. After the initial connection, transaction reads typically flow directly from your device to the provider; the relay is only re-involved for credential refresh and (in Plaid's case) data reads where Plaid's API requires the secret on every request.
6a. Google API Services — Limited Use disclosure
Vrge's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, when you connect Vrge to a Google account:
- Scopes we request: gmail.readonly and calendar.readonly. Read-only. Vrge cannot send email, modify calendar events, move files, or touch your Google account in any way that changes data.
- How we use Google user data: exclusively to power the features you see in Vrge — detecting new clients from email senders, extracting project details from message bodies, linking meetings to CRM entries, proposing invoice drafts, and surfacing proposals for your approval in the Inbox. No other use.
- No transfer to third parties: Google user data is never sold, rented, licensed, or transferred to any third party outside the context of delivering Vrge's features to you. If you enable a cloud AI provider (see §5), prompt content derived from your mail may be sent to that provider (redacted by default) for inference only — never for model training.
- No advertising use: Vrge does not use Google user data for advertising, ad personalization, or any ad-related purpose. Vrge does not serve ads.
- No human reading: Vrge does not allow humans to read your Google user data, except (a) with your explicit consent (e.g. support cases you initiate), (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) for aggregated and anonymized operational analytics that cannot be used to identify any individual user.
- Where the data lives: on solo desktop installs, all Google data stays on your machine (local SQLite encrypted at rest via SQLCipher with a per-device 256-bit key protected by the host operating system's keychain; OAuth tokens are independently encrypted via the OS keychain (macOS Keychain Services / Windows Credential Manager)). On self-hosted team installs, OAuth tokens and the proposals derived from them live on your own team server — you control the hardware, network, encryption key, and backups. Vrge does not operate a hosted team-server service, so we never have access to either.
- How to revoke: disconnect the source in Settings → Sources at any time, which deletes Vrge's stored OAuth tokens. You can also revoke Vrge's access at any time from Google's Third-party apps & services page.
6b. Microsoft 365 integrations
The same principles apply to Microsoft 365 integrations via Microsoft Graph. Vrge requests Mail.Read and Calendars.Read delegated permissions, read-only. Data is used only to surface proposals in the Inbox, never sold or transferred, never used for advertising or model training. Revoke access at any time from My Account → Privacy.
7. Optional self-hosted Team server
The Team license includes a server component you run on your own infrastructure. You control the hardware, network, and data. We have no access. If you are using a Team server provided by your employer, your employer is the controller for the data on it.
8. Sub-processors and third parties
A complete, current list of sub-processors and third-party services is available on the Sub-processors page. We will update that page before adding new sub-processors that materially affect our processing.
9. International data transfers
If you are in the European Economic Area, the United Kingdom, or Switzerland, data we process may be transferred to the United States (where TRD Ventures and several sub-processors are based).
- Lemon Squeezy relies on the EU Standard Contractual Clauses and the EU–US Data Privacy Framework.
- Cloudflare is certified under the EU–US Data Privacy Framework.
- Cloud AI providers (Anthropic, OpenAI, Google) are your sub-processors, not ours, when you enable them. Review each provider's transfer mechanism on their site before enabling.
10. Data retention
- License records: life of license + 3 years
- Support email: 3 years after last message
- Cloudflare analytics: 6 months (aggregate)
- In-app AI activity log: 30 days or 10,000 calls, whichever comes first (stored on your device)
- In-app provenance log: append-only, retained as long as you keep the database (stored on your device)
- Your business data: retained by you, on your device, until you delete it
11. Your rights
Depending on where you live, you have rights to access, correct, delete, restrict, or object to our processing, and to data portability. Under GDPR/UK GDPR you also have the right to withdraw consent at any time and to lodge a complaint with your supervisory authority.
Because Vrge stores your business data on your device, most of these rights you exercise directly — export, edit, or delete your SQLite database yourself, anytime, even with an expired license. For the limited personal data we hold (license records, support email), send a request to privacy@getvrge.com. We respond within 30 days.
12. California residents (CCPA / CPRA)
If you are a California resident, the categories of personal information we collect map to CCPA categories as follows:
- Identifiers: email, license key, IP (via Cloudflare, aggregated)
- Commercial information: purchase records (held by Lemon Squeezy)
- Internet activity: page views on the marketing site (via Cloudflare, cookieless)
Sources: directly from you; from Lemon Squeezy on purchase. Business purpose: providing and supporting the product.
We do not sell or share your personal information as those terms are defined under the CCPA, and we have not in the preceding 12 months. We therefore do not offer a "Do Not Sell or Share" link — there is nothing to opt out of.
You have the right to know, delete, correct, and limit the use of sensitive personal information. To exercise any of these rights, email privacy@getvrge.com. We do not discriminate against you for exercising these rights.
13. Children's privacy
Vrge is a business productivity tool. It is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, email privacy@getvrge.com and we will delete it.
14. Sensitive data — HIPAA notice
TRD Ventures is not a HIPAA-covered entity and Vrge is not a HIPAA-compliant system. Do not use the app to store, process, or transmit Protected Health Information (PHI) that is regulated under HIPAA. If you work in a regulated vertical (health, legal, financial) and want to use Vrge for matters that touch regulated data, use the local Ollama AI provider and keep source integrations that pull PHI-adjacent data turned off.
15. Security and breach notification
We apply industry-standard measures to the limited data we hold: bcrypt password hashing on the Team server (you host), TLS for all network calls we make, signed auto-updater payloads, and no third-party telemetry.
If we become aware of a personal-data breach affecting data held by us, we will notify affected individuals by email within 72 hours of confirmation, along with the nature of the breach, categories of data affected, likely consequences, and mitigation steps. For breaches affecting data held by a sub-processor (e.g., Lemon Squeezy), that sub-processor is primarily responsible for notification under its own obligations, and we will assist.
To report a suspected vulnerability in Vrge, email security@getvrge.com. Full responsible-disclosure policy with scope, response-time commitments, and safe-harbor language lives at /security.
16. Changes to this policy
We'll update this page if the policy changes and revise the date at the top. For material changes, we'll try to notify license holders by email.
17. Contact
General: support@getvrge.com
Privacy / data requests: privacy@getvrge.com
Security reports: security@getvrge.com
TRD Ventures LLC · New Mexico, USA