Privacy Policy
Plain language. No legalese. Here is exactly what we collect, why we collect it, and what we do with it.
Effective date: April 29, 2026. Last updated: April 29, 2026.
Who we are
Valtro is a done-for-you marketing service for local businesses, operating in New Jersey. We handle websites, social media, content, Google Business Profile management, reviews, and email marketing so business owners can focus on running their business instead of chasing algorithms.
You can reach us at victor@valtro.ai. That goes directly to Victor, the founder.
What we collect and why
We only collect information that is necessary to deliver the service. Here is a straight breakdown.
Waitlist and contact forms
When you fill out the waitlist or the free audit form on our website, we collect your name, email address, and basic business information (business name, type, location). We use this to contact you about your spot on the waitlist, send your audit results, and follow up about Valtro. We do not add you to a newsletter unless you explicitly check the newsletter box.
Account and payment information
If you become a client, we collect your email address to create your account. Payment information (credit card numbers, billing details) is handled entirely by Stripe. We never see or store your card number. Stripe stores it on their servers under their own PCI-compliant security. We only receive a confirmation that payment succeeded and a Stripe customer ID to associate with your account.
Social media and platform access
To publish content to your social media accounts on your behalf, we need OAuth access tokens for the platforms you authorize (Instagram, Facebook, X, LinkedIn). These tokens are stored in our database in encrypted form. We use them only to publish content you have already approved through your client portal. We do not post anything without your approval, and you can revoke access at any time through the social platform settings or by emailing us.
Google Business Profile data
When you connect your Google Business Profile, we read your profile information, review data, and local insights on your behalf. We use this to run your audit, monitor your profile health, and respond to reviews with your approval. We do not share this data with any third party.
Usage data
We collect standard web server logs (IP address, browser type, pages visited, timestamps) for security and debugging. Once analytics are fully wired, we plan to use Google Analytics 4 and potentially Meta Pixel to understand how people find us and what pages they visit. When that happens, this policy will be updated to reflect it, and you will see a cookie notice.
AI processing
When we generate content, respond to reviews, or run audits on your behalf, your business information is sent to Anthropic (makers of Claude) as part of the prompt. Anthropic does not use API inputs to train their models by default. We send only what is necessary: your business name, location, voice profile, and the specific context needed for the task.
How your information is used
- To deliver the marketing service you signed up for
- To contact you about your account, billing, or service updates
- To send the newsletter if you opted in (you can unsubscribe any time)
- To improve how the platform works (aggregate, anonymized usage patterns)
- To comply with legal obligations if required
We do not sell your information. We do not share it with advertising networks. We do not use it for any purpose other than delivering and improving the service.
Who else touches your data
Running Valtro requires a small set of trusted third-party services. Here is every vendor we use and what they see.
| Vendor | What they do |
|---|---|
| Supabase | Database and authentication. Hosts your account data and content. |
| Stripe | Payment processing. Handles all billing securely. We never see card data. |
| Resend | Transactional email. Sends your welcome email, audit results, and reports. |
| Anthropic | AI model provider. Processes business info to generate content and audits. |
| Vercel | Hosting. Runs the Valtro platform and your generated website. |
| Upstash | Rate limiting and caching. Prevents abuse. Does not see user content. |
Each of these vendors has their own privacy policy and is bound by data processing agreements. We have selected vendors with strong security practices and do not use vendors who sell data.
Cookies
Valtro uses a small number of cookies required to operate the service.
Essential cookies
When you log in to your client portal, a session cookie is set by Supabase to keep you authenticated. This cookie is required for the portal to function. It expires when you log out or when your session times out.
Analytics cookies (planned)
We intend to add Google Analytics 4 and optionally Meta Pixel to better understand traffic to the public marketing pages. When these go live, a cookie consent banner will appear and you will have the option to opt out before any tracking cookie is set. This policy will be updated at that time.
How long we keep your data
- Active client accounts: data is kept for as long as your account is active and for 30 days after account closure, in case you want to retrieve it.
- Waitlist entries: kept until you are onboarded as a client or until you ask us to remove you.
- Audit logs and system logs: kept for 12 months for security and debugging purposes, then deleted.
- Payment records: kept for as long as legally required (typically 7 years for financial records under IRS guidelines).
- OAuth tokens: deleted within 7 days of you revoking access or closing your account.
If you want your data deleted before the standard retention period, email victor@valtro.ai and we will handle it within 30 days.
Your rights
Regardless of where you are, you have the right to:
- Access the personal information we hold about you
- Correct any information that is inaccurate
- Delete your account and the data associated with it
- Export your data in a machine-readable format
- Opt out of marketing emails at any time (unsubscribe link is in every email)
- Revoke social media or Google access at any time through those platforms or by contacting us
To exercise any of these rights, email victor@valtro.ai. We will respond within 30 days.
California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act gives you additional rights.
Right to know: You can request a list of the categories of personal information we have collected about you in the past 12 months, the categories of sources, the business purpose for collecting it, and the categories of third parties we share it with.
Right to delete: You can request that we delete the personal information we have collected from you, subject to certain exceptions (like legal compliance and active billing records).
Right to opt out of sale: We do not sell personal information. There is nothing to opt out of.
Right to non-discrimination: We will not penalize you for exercising any CCPA rights.
To submit a CCPA request, email victor@valtro.ai with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.
EU and UK residents (GDPR)
If you are located in the European Union or United Kingdom, the General Data Protection Regulation applies.
Legal basis for processing: We process your data under the following legal bases:
- Contract: Processing your account data to deliver the service you signed up for
- Legitimate interest: Security logging and service improvement
- Consent: Newsletter subscriptions and analytics cookies (where applicable)
- Legal obligation: Financial records required by law
Data transfers: Valtro and most of our sub-processors are based in the United States. By using our service, you acknowledge that your data may be transferred to and processed in the US, where data protection laws may differ from those in your country. We use Standard Contractual Clauses where required.
Right to lodge a complaint: If you believe your data is being processed unlawfully, you have the right to lodge a complaint with your local data protection authority.
To exercise any GDPR rights, email victor@valtro.ai. We will respond within 30 days, or 72 hours in the case of a data breach notification.
Children's privacy
Valtro is a business-to-business service. It is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has submitted information to us, please contact us and we will delete it immediately.
Changes to this policy
If we make material changes to how we handle your data, we will update the "Last updated" date at the top of this page and email active clients with a summary of what changed. Minor clarifications (fixing a typo, adding a sub-processor we already use) do not trigger an email, but the date will still update.
Continued use of the service after a policy update means you accept the revised policy.
Questions
Privacy questions go directly to Victor. No ticketing system, no forwarding queue.
Email: victor@valtro.ai
Operating jurisdiction: New Jersey, United States