HomeVestaGlass Logo

VestaGlass

Join the Pilot

Privacy Policy

Last updated: May 3, 2026

This Privacy Policy explains what information VestaGlass collects, how we use it, and the choices you have. We aim to be plain-spoken here: we don't sell your data, we don't share it with advertising networks for profiling, and we keep our list of third parties short.

The short version

  • We do not sell your personal data to anyone.
  • We do not use third-party advertising trackers in your browser. No Meta Pixel, no Google Tag, no advertising cookies.
  • We share a limited set of identifiers — hashed name, hashed email (in some cases), and your IP/user agent — with Meta via their server-side Conversions API to measure the effectiveness of our own ads.
  • We use Sentry for error monitoring and session replay; Sentry receives broad access to application data so we can diagnose security and stability issues.

Information we collect

Information you give us

  • Account information: name, email address, and authentication credentials, handled by our identity provider Clerk.
  • Billing information: handled by our payment processor. We do not store full card numbers.
  • Customer Data: the property, inspection, workflow, and related data you create or upload while using the Service.
  • Communications: the content of messages you send to support or sales.

Information collected automatically

  • Session and device data: IP address, browser user agent, and timestamps, collected when you interact with the Service.
  • Usage data: pages visited, features used, and internal performance metrics (e.g., map load events) used to operate and improve the Service.
  • Cookies: see our Cookies page for the specific cookies we set.

How we use information

  • To provide, maintain, and improve the Service.
  • To authenticate users and protect against fraud and abuse.
  • To process payments and manage subscriptions.
  • To diagnose errors and monitor performance.
  • To measure the effectiveness of our own marketing (see "Advertising" below).
  • To respond to your support requests and communicate with you.
  • To comply with legal obligations.

Advertising

We do not load any third-party advertising trackers in your browser. There is no Meta Pixel, no Google Tag, no advertising cookies, no cross-site tracking on VestaGlass.

We do, however, use Meta's server-side Conversions API (CAPI) to measure the effectiveness of advertising we run on Meta platforms. When you take a conversion-relevant action (such as creating an account, adding payment information, starting a trial, completing a purchase, or submitting a lead form), our server sends an event directly to Meta containing:

  • Hashed first name and last name (SHA-256, sent for matching only).
  • Hashed email address (SHA-256), only for account-creation and payment events.
  • Your IP address and browser user agent, used by Meta for matching.
  • Event metadata: event name, event ID, event timestamp, page URL, and — for purchase and trial events — the currency and value.

We do not send your VestaGlass session ID, your customer data, or any property/inspection records to Meta. We do not use this data, or any data, for behavioral advertising on third-party sites.

Service providers we share data with

We use a small number of vendors to operate the Service. They receive only the data needed to perform their function, and they are contractually required to protect it.

  • Clerk — authentication and identity. Receives account and session data.
  • Fly.io — hosting and infrastructure. Processes all application traffic.
  • Sentry — error monitoring, performance tracing, and session replay. Sentry is granted broad access to application data — including IP addresses, request context, error context with local variables, and a sample of session replays — so we can diagnose security and stability issues.
  • Meta — receives the limited Conversions API event data described above for advertising measurement only.
  • Payment processor — handles billing and stores payment instruments on our behalf.

What we do not do

  • We do not sell personal data.
  • We do not share personal data with data brokers or advertising networks for profiling.
  • We do not use Customer Data to train third-party AI models without your consent.

Data retention

We retain Customer Data for as long as your account is active and for a reasonable period afterward to satisfy legal, accounting, and operational requirements. You may request deletion of your personal data as described below. Backups are retained on a rolling schedule and are overwritten in due course.

Security

We protect your data with TLS in transit, encryption at rest, access controls, and the practices described on our Security page. No system is perfectly secure, but we work hard to keep yours safe.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, email privacy@vestaglass.com. We will respond within the timeframes required by applicable law.

California residents have specific rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.

EEA / UK residents have rights under the GDPR / UK GDPR. Our lawful bases for processing are performance of a contract, legitimate interests (operating and securing the Service), consent (where required), and compliance with legal obligations.

Children

The Service is not directed to children under 13 (or the applicable age in your jurisdiction), and we do not knowingly collect personal data from them.

International transfers

Our service providers may process data in the United States and other countries. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notification. The date at the top of this page reflects the most recent revision.

Contact

Privacy questions or requests: privacy@vestaglass.com.