LEGAL
Privacy Policy
Last updated: 18 July 2026
Last updated: 18 July 2026
Who we are
Vquity is a cap-table and equity management product operated by LISAN AI - FZE ("we", "us") as part of the Lisan platform. This privacy policy explains what personal data we process, where it comes from, why we process it, how long we keep it, and the rights available to individuals. Privacy questions go to support@lisan.com.
For account, website, support, and product-usage data, LISAN AI - FZE generally acts as the controller. For personal data a customer places in a company workspace, the customer generally decides why and how that data is used and we process it to provide the service. If you are a shareholder, employee, investor, or other stakeholder whose data was added by a Vquity customer, that company may be the right first contact for a request about the record.
Data we collect
- Account data. Your name, email address, and authentication details when you create an account or sign in.
- Cap-table data you enter. Shareholder names and contact details, share classes, transactions, option grants, vesting schedules, valuations, and related records you or your team add to a company workspace.
- Documents you upload. Files you place in the Data Room or attach to records, for example SAFEs, board consents, or grant agreements.
- Usage data. Application logs and diagnostic events (pages visited within the app, errors, timing) that help us keep the service running and improve it.
- Communications and commercial data. Messages you send to support, product enquiries, and subscription or order information. Payment providers may process payment-card details; we do not need to store full card numbers in Vquity.
Where the data comes from
We receive data directly from account holders, workspace administrators, and people using a portal. A company may also add personal data about its shareholders, employees, investors, directors, advisors, or other stakeholders, or import it from a spreadsheet or supported external platform. Technical and usage data is generated when the service is used.
How we use your data
We process the data above to:
- provide the service, storing, displaying, and computing over your cap table;
- authenticate you and the people you invite, including passwordless OTP sign-in for investor and employee portals;
- run features you explicitly trigger, such as AI extraction on documents you submit;
- respond to support requests;
- monitor security, prevent abuse, and debug faults;
- improve the product based on aggregate usage patterns.
We do not use your cap-table data or documents for advertising, and we do not train general-purpose AI models on your content.
Legal bases
Where a law such as the UK GDPR or EU GDPR requires a legal basis, we rely on the basis that fits the activity:
- Contract: to create accounts, provide requested product functions, administer subscriptions, and respond to service requests.
- Legitimate interests: to secure and improve the service, prevent abuse, diagnose faults, and communicate about the product, balanced against the rights of affected individuals.
- Legal obligation: where records or disclosures are required by applicable law.
- Consent: where we specifically ask for it; consent can be withdrawn for future processing.
When we process workspace content for a customer, the customer is responsible for identifying its own lawful basis and giving any notices required to the people represented in that content.
Subprocessors
We use a small number of service providers to run Vquity:
- Cloud hosting and database infrastructure: stores application data and uploaded files.
- Email delivery: sends sign-in codes, invitations, and notifications.
- AI processing: used for document extraction, and only on documents you submit for extraction. Extracted fields are shown to you for review and can be edited or overridden; overrides are recorded in an audit trail.
Each provider is permitted to process data only for the services it supplies to us, subject to contractual and security obligations. We may also disclose data when required by law, to protect the service and its users, or as part of a corporate transaction subject to appropriate safeguards. Contact us for current subprocessor information relevant to your workspace.
International transfers
Our providers and personnel may process data in countries other than the country where it was collected. Where applicable law restricts these transfers, we use a recognised transfer mechanism or other appropriate safeguard, such as contractual clauses or an adequacy decision. Contact us if you need information about the safeguard relevant to your data.
Retention
We keep data while an account or company workspace is active and for as long afterwards as reasonably needed to provide exports, resolve disputes, maintain security, meet contractual commitments, or comply with law. Retention depends on the record: audit entries may be kept with the equity records they describe, while support and diagnostic records may follow shorter operational schedules. Deleted data is removed from the live service and residual backup copies expire through the normal backup rotation, unless preservation is legally required.
Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, restrict or object to processing of personal data, receive portable data, or withdraw consent. These rights can be limited by law and by the rights of other people. Email support@lisan.com; we may need to verify your identity and, for customer-controlled workspace records, may refer the request to the workspace administrator.
Workspace administrators can export company details, share classes, shareholders, rounds, grants, and warrants in XLSX or JSON, export the shareholder register in CSV, and download Data Room contents separately as a zip. They can also request account or workspace deletion, subject to applicable retention obligations.
You may also complain to the data-protection authority that applies where you live or work. We would appreciate the opportunity to address the concern first.
What we never do
We do not sell personal data or company equity data. We disclose it only as described in this policy, when instructed by the customer that controls a workspace, or when legally required.
Changes to this policy
If we make a material change, we will update the date at the top and provide additional notice where required. The current policy applies from the stated date; we do not treat silence as consent where consent is legally required.
Contact
Privacy questions, export requests, or deletion requests: support@lisan.com. See also our Terms of Service and Security pages, or reach us via the contact page.