Privacy policy.
Version: 1.0 · Last updated: 2026-05-19 · Applies to all data we collect or process in connection with AI In Your Pocket purchases at pocketai.vpnetworks.co.uk.
01 Who we are
AI In Your Pocket is sold by VantagePoint Networks — a UK sole trader based in London. Contact for any privacy question: info@vpnetworks.co.uk. We are the data controller for the purchase data described below. We are NOT a data processor for the conversational data you process with the product after installation — that data never reaches us.
02 What we collect at purchase
When you buy AI In Your Pocket via the Stripe checkout on this site, the following data is collected and stored in our database:
- →Email address — provided by you at checkout; used to deliver the download link and any support correspondence.
- →Company name — collected as a required Stripe custom field at checkout.
- →Sector — optional free-text field at checkout, used to tailor support if you ask for help.
- →VAT number — if you provide one at checkout, for inclusion on your invoice.
- →Billing address — required by Stripe for payment processing and tax determination.
- →IP address — captured ONCE when you first download your purchase, used solely as chargeback evidence if a payment dispute arises.
- →Purchase metadata — timestamp, tier purchased, amount paid, Stripe session reference, download token, terms-version-acknowledged.
Your card details are processed by Stripe and never reach our servers. We do not see, store, or have access to them.
03 What we do NOT collect
Once you install AI In Your Pocket on your own machine, we have no access to:
- →Your Telegram bot token, the messages you or your team send, or any reply the AI generates.
- →Your team's conversation memory (stored on your own machine, in your AppData folder, never copied anywhere).
- →Your AI engine API key (encrypted at rest on your machine via Windows DPAPI).
- →Any custom AI tools you add or modify after setup.
- →Telemetry of any kind — the product does not phone home, ever.
04 Where data is stored
- →Purchase records: Supabase Postgres database, EU region (Frankfurt).
- →Installer file: Supabase Storage (private bucket), EU region. Served only via 48-hour signed URLs.
- →Email correspondence: Resend (UK/EU infrastructure) for the one transactional delivery email; subsequent support emails are in our regular email inbox.
- →Stripe records: Stripe holds your payment record under their own privacy policy.
05 Sub-processors
We use these processors to operate the storefront and deliver your purchase:
- →Stripe — payment processing. stripe.com/privacy
- →Supabase — database + file storage (EU region). supabase.com/privacy
- →Resend — transactional email delivery. resend.com/legal/privacy-policy
- →Vercel — hosting for pocketai.vpnetworks.co.uk. vercel.com/legal/privacy-policy
06 Retention
We retain purchase records for 6 months from purchase date, then delete them. The 6-month window covers the maximum chargeback dispute period under Stripe. After that, the only record of your purchase that remains is in Stripe's own system (where it's retained under their policy, typically 7 years for tax purposes).
If you exercise your right to deletion (Section 09) before the 6 months are up, we will delete sooner. We may retain the bare minimum needed to defend against an active dispute or fraud investigation.
07 Third parties when you USE the product
After installation, the product interacts with two third parties on your behalf. These are NOT our sub-processors — they're separate data controllers that you authorise by configuring the product:
- →Telegram (Telegram FZ-LLC). All bot messages traverse Telegram's infrastructure. They hold metadata (timestamps, user IDs) and message content per their own privacy policy. If you handle regulated client data, consider this when deciding what to send via the bot.
- →Your chosen AI provider. v1.0 ships with Anthropic only. The text content of each message you send is also sent to Anthropic for inference. Anthropic publicly commits not to train on API traffic — verify their current policy at anthropic.com/legal/privacy before processing regulated client data through the bot.
For both: you are the data controller, the third party is a separate processor under your direct relationship with them. We provided the product that connects to them; we do not see or store the data that flows.
08 Your rights under UK GDPR
For purchase data we hold about you, you have the right to:
- →Access — request a copy of the data we hold about your purchase.
- →Rectification — correct anything inaccurate (e.g. wrong company name on invoice).
- →Erasure — ask us to delete your record (we'll honour this subject to active dispute / legal hold).
- →Portability — receive your data in a machine-readable format.
- →Object — ask us to stop processing your data for a particular purpose.
- →Complain — to the UK Information Commissioner's Office at ico.org.uk.
To exercise any of these rights, email info@vpnetworks.co.uk from the email address you used at checkout. We aim to respond within 1 UK working day and to complete the action within 30 days (the UK GDPR statutory maximum).
09 Enterprise tier — Data Processing Schedule
Enterprise buyers (£7,997) can request a Data Processing Schedule (DPS) tailored to their processing context. This covers the formal GDPR Article 28 processor obligations for regulated sectors (legal, healthcare, accountancy, FCA-regulated). Lead time 5 working days. Contact info@vpnetworks.co.uk to request.
10 Cookies
pocketai.vpnetworks.co.uk does not set any first-party tracking cookies. The Stripe checkout page may set its own functional cookies for payment processing under Stripe's privacy policy.
11 Updates to this policy
We may update this policy from time to time. The current version is always at this URL with the version number and last-updated date at the top. Material changes will be flagged here for at least 30 days.
Questions about this policy? Email info@vpnetworks.co.uk.