Overview
This Privacy Policy explains how Vincore, Inc. ("Vincore," "we," "us") collects, uses, and shares personal information when you visit our websites, communicate with us, or use our products and services, including the Echo platform.
Where we process personal data on behalf of a customer (for example, data about members of a customer's Discord community), we act as a processor, and the customer's privacy notice governs that processing. This policy describes our practices as a controller.
Information we collect
We collect information in three broad ways:
- Information you give us. Name, email, employer, role, and content of your messages when you contact us, request a demo, sign an agreement, or use the Services.
- Information collected automatically. IP address, browser type, device identifiers, pages viewed, referring URLs, and approximate location, collected via cookies and similar technologies.
- Information from third parties. Business contact information from event registrations, integrations you authorize (e.g. Discord OAuth), and publicly available sources used for prospect research.
How we use information
We use personal information to:
- Provide, secure, and improve the Services and our website.
- Communicate with you about your account, projects, and incident updates.
- Send marketing communications you have consented to receive (and from which you may unsubscribe at any time).
- Carry out research, analytics, and product development.
- Detect, prevent, and respond to fraud, abuse, or security incidents.
- Comply with legal obligations and enforce our agreements.
Legal bases (EEA / UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases:
- Performance of a contract — to provide Services you or your employer requested.
- Legitimate interests — to operate, secure, and improve our business, where those interests are not overridden by your rights.
- Consent — for optional marketing communications and certain cookies, which you can withdraw at any time.
- Legal obligation — where required by applicable law.
How we share information
We share personal information with:
- Service providers (hosting, analytics, payment processing, email delivery) that act on our instructions under written agreements.
- Customers and their authorized personnel, where your communications relate to their engagement.
- Affiliates and successors in connection with a merger, acquisition, or sale of assets.
- Authorities and others where we believe disclosure is required by law or necessary to protect the rights, property, or safety of Vincore, our customers, or the public.
Data from communities we operate
When we are engaged to operate or analyze a Discord community on behalf of a customer, we process information about that community's members (such as usernames, message content surfaced through Echo, role assignments, and moderation actions) as a processor on the customer's behalf.
Members of those communities should contact the operator of their community for that operator's privacy notice. Vincore will assist customers in responding to data subject requests in accordance with the Data Processing Agreement signed between us.
Data retention
We retain personal information only for as long as needed for the purposes described in this policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are described in our internal data retention schedule and, for customer data, in the Data Processing Agreement.
Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your personal information; to receive your data in a portable format; and to withdraw consent. To exercise these rights, contact privacy@vincore.gg.
We will respond within the time period required by applicable law. You also have the right to lodge a complaint with your local data protection authority.
International transfers
Vincore is headquartered in the United States and our personnel are distributed across multiple regions. Where we transfer personal data internationally, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and the UK Addendum where applicable.
Security
We maintain technical and organizational measures designed to protect personal information, including encryption in transit, access controls, audit logging, and secure development practices. No system is perfectly secure, and we cannot guarantee absolute security.
Children
Our Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us so we can take appropriate action.
California residents
California residents have additional rights under the California Consumer Privacy Act, as amended (the "CCPA"), including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information in the traditional sense, but our use of analytics and advertising cookies may constitute "sharing" under the CCPA.
To exercise CCPA rights, contact privacy@vincore.gg or use the opt-out controls in our cookie preferences panel.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will revise the "Last updated" date at the top and, for material changes, provide additional notice (such as by email or a banner on the Services).
Contact
If you have questions about this Privacy Policy or our practices, contact our privacy team at privacy@vincore.gg. For requests involving regulated personal data, please include enough information to verify your identity.