Legal

Privacy Policy

Effective: February 16, 2026 Last Updated: July 12, 2026

This Privacy Policy describes how Del Rey LLC, doing business as NVS (Network Virtual Systems) ("NVS," "we," "our," or "us"), collects, uses, stores, and protects information when you access or interact with NVSautomate.com (the "Website") and the Phantom platform at app.nvsautomate.com (the "Platform"). It is written to reflect what the Website and the Platform actually do. By accessing the Website or the Platform, you consent to the practices described below.

01 Information We Collect

1.1 — When you contact us or inquire about automation services

When you reach out to NVS through our Website or by email, we collect information such as your name, email address, phone number, company, and what you tell us about your current operations and goals. When you submit our "Book a Call" form, these details are sent to our automation backend to route your inquiry and schedule your call (see §5). We collect this because it is in our legitimate interest to understand your needs, respond, and determine whether our services fit your operations.

1.2 — When you begin onboarding for automation or consulting services

During onboarding, we collect the information required to build, connect, and deploy your systems. This may include login credentials, API keys, platform access tokens, and internal operational documents such as workflow diagrams, contact lists, and process notes. We use these only to set up and maintain your automations, and we store credentials in encrypted form (see §6). We do not use this information to train public AI models or sell it to third parties.

1.3 — When you interact with our Website

When you use NVSautomate.com, we automatically collect limited technical and behavioral information through our own first-party analytics. This includes a randomly generated session identifier, the pages and sections you view, links and buttons you interact with, scroll depth, active time on a page, device type, screen size, and any campaign parameters (UTM tags) and referring URL that brought you to the site. This data is stored on our own infrastructure. We do not run Google Analytics, Meta Pixel, or any third-party advertising or profiling trackers, we do not build advertising profiles, and we do not sell this data. Like most web servers, our hosting may process your IP address transiently to deliver and secure the site; our analytics records do not store your IP address.

1.4 — When sensitive or confidential data is required for automations

Some automations require access to sensitive information such as employee data, customer lists, or internal operational databases. We collect and process this data only when you provide it for the purpose of building or maintaining your automations. Where a client prefers an arrangement that avoids sharing sensitive data, we work with them to accommodate it whenever possible.

1.5 — When we communicate with you

If you contact us about support, billing, or system optimization, we collect your contact information and anything you choose to share so we can respond. Where you opt in — or where you are an existing client and it is in our legitimate interest to keep you informed — we may send operational updates, onboarding messages, or marketing communications. You may unsubscribe at any time; we track marketing opt-in and do-not-contact preferences so we can honor them.

1.6 — Technical information from systems and dashboards

If NVS provides you with access to client dashboards or portals, we may collect usage information related to your interactions with those systems — logs, connection status, and error tracking — solely to keep the automations functional and secure.

1.7 — If our business is acquired or merged

If NVS is acquired or merges with another company, we may transfer your personal information to the acquiring entity to ensure service continuity. If you object to this transfer, the acquiring company may be unable to continue providing services to you.

1.8 — When you use the Phantom Platform

When you sign in to and use the Phantom Platform, we collect and store the data needed to operate your workspace. This includes:

  • Data your business puts into Phantom — contact and CRM records, table rows, form submissions, orders, testimonials, and similar records.
  • Communications you connect — when you authorize it, the contents of email in a connected mailbox and the transcripts, summaries, and action items of meetings from a connected meeting-recording tool. This content is indexed so the Platform's assistant can answer questions and draft work grounded in it (see §3).
  • Data Phantom generates on your behalf — workflow run history, an immutable audit log, AI chat history, and cost / usage metering.
  • Connection credentials — OAuth tokens and API keys you authorize for third-party integrations (e.g., Google), stored encrypted (see §6).

Workspace data is scoped to your tenant and gated by row-level security at the database layer as well as application-layer tenant checks.

02 How We Use Your Information

2.1 — To build and maintain your automations

We use the information you provide to design, build, deploy, and maintain automation systems for your business — connecting your tools, ensuring your automations run correctly, and resolving issues. We rely on this to fulfill our contractual obligation to deliver the systems you've engaged us for.

2.2 — To operate, optimize, and support your workflows

To keep systems reliable and improve them, we use operational details, run history, and analytics to identify bottlenecks, monitor system behavior, and support your account. We use your contact information to reach you about updates, billing, service changes, onboarding tasks, and any issue that affects your automations or needs your confirmation before we act.

2.3 — To understand and improve the Website

We use the first-party behavioral data described in §1.3 to understand how visitors use our content and to improve the site's functionality and layout. This analysis is for our own product and traffic understanding, not for third-party advertising.

2.4 — For marketing, where permitted

If you opt in — or if you are an active client receiving operational updates — we may use your information to send newsletters, educational content, and business communications. You may unsubscribe at any time.

03 Automated Processing & AI

3.1 — How the Platform uses automation and AI

The Phantom Platform runs automated workflows and uses AI models to do work on your behalf. Depending on the automations you engage us for, this can include classifying and routing inbound messages, transitioning the status of orders or records, generating draft communications, and answering questions grounded in the data you have connected. Some outputs are produced automatically; certain sensitive actions — such as some outbound emails — are prepared as drafts for a person to review before they are sent, while routine lifecycle actions may occur automatically.

3.2 — AI processing of your content

To provide these features, relevant text — which may include personal data contained in emails, meeting transcripts, form submissions, and records — is sent to third-party AI providers to generate embeddings (a numerical index used for search) and to produce responses and drafts. The specific providers are listed in §5. Within the Platform's interface these models may appear under NVS product names; the underlying providers are those named in the sub-processor list. We select providers whose terms state that data submitted through their API is not used to train their own models.

3.3 — Staff access to your workspace

Authorized NVS staff may access your workspace to build, operate, support, and troubleshoot your automations. This access — including when a staff member is acting inside your workspace — is recorded in an immutable audit log.

04 Cookies & Tracking Technologies

4.1 — On the Website

The Website does not set advertising or cross-site tracking cookies, and it does not run third-party ad or profiling trackers. Our first-party analytics (described in §1.3) uses your browser's temporary sessionStorage — not cookies — to hold a session identifier for the duration of your visit. Because we do not deploy advertising or profiling cookies, we do not currently display a cookie-consent banner. You can clear or block browser storage at any time through your browser settings, or contact us to opt out of our first-party analytics.

4.2 — On the Phantom Platform

When you are signed in to the Platform, our authentication provider sets strictly-necessary cookies (sb-*) to keep you logged in and to remember your active workspace. These are essential to the Platform; disabling them will prevent sign-in. The Platform does not run third-party analytics or advertising trackers.

05 Sharing & Sub-Processors

NVS does not sell your personal information. We share it only as needed to provide our services, when you authorize it, or when required by law. We disclose information to comply with lawful requests such as subpoenas or requests from authorities. To operate the Website and the Platform, we rely on the third-party providers below, each of which processes data on our behalf under its own terms and, where applicable, a data-processing agreement.

5.1 — Website providers

  • Vercel — hosts the Website and its serverless functions, including the first-party analytics endpoint.
  • Supabase — stores Website analytics events and, if you create an account, your login credentials and profile.
  • n8n Cloud — receives the details you submit through our "Book a Call" / contact form (name, email, phone, company, and what you describe about your operations) to route your inquiry and schedule your call.
  • Google Fonts — serves the site's typefaces; as part of loading them, Google receives your IP address.
  • jsDelivr — a content-delivery network that serves certain JavaScript libraries.
  • Google Meet — used to host booked calls.

5.2 — Phantom Platform sub-processors

  • Supabase — primary database, authentication, and file storage (the system of record for workspace data).
  • Temporal Cloud — schedules and runs automation workflows.
  • Modal — compute host that executes the Python workflow code.
  • Vercel — hosting and edge compute for the Platform's web surfaces.
  • OpenRouter — gateway used to send text to large language models.
  • OpenAI — language models and text embeddings.
  • Anthropic — language models used for tasks such as query rewriting and titling.
  • Cohere — reranking of search results.
  • Google (Gmail & Calendar) — when you connect a Google account, we access the mailbox and calendar you authorize (which may include read, send, and modify access) to ingest and send email and manage appointments.
  • Fathom — when connected, provides meeting transcripts, summaries, and action items.
  • Resend — sends transactional email such as invitation links.
  • Svix — verifies the signatures of incoming webhooks.
  • ClickUp — when connected, tasks and records are read and written for the relevant client integrations.

Some legacy client integrations additionally route data through n8n. This list may evolve as the Platform changes; material updates will be reflected here.

06 Credential Handling

6.1 — Why we hold credentials

Many automations require access to logins, API keys, or OAuth tokens. We collect these only when necessary and use them solely to connect and maintain your systems. We restrict access to authorized team members and do not reuse credentials for new services without notifying you first.

6.2 — How credentials are stored

Credentials and other sensitive secrets stored in your Phantom workspace are encrypted at rest using AES-256-GCM, with a separate encryption key held outside the database. OAuth refresh tokens, API keys, and other secrets are stored only in encrypted form; plaintext never leaves the Platform's secured server-side boundary, and secrets are never returned to the client interface. Decryption happens only when an automation actively needs the credential to call a third-party service on your behalf.

07 Payment Processing

7.1 — Purchases through the Website

We do not currently sell products or collect payment details directly through the Website, and we do not store credit-card numbers on our servers. If we introduce paid digital products or subscriptions, payment will be handled by a third-party payment processor acting as Merchant of Record, which will collect the information needed to process your transaction (such as name, billing address, and payment method) under its own compliance standards. We will update this section with the named processor before any such offering goes live.

08 Data Retention

8.1 — How long we keep data

We keep personal data for as long as we have a relationship with you and for a reasonable period afterward, to allow reactivation and to meet legal, accounting, and security obligations. Website analytics data is retained in our systems for ongoing traffic and product analysis. Content you connect to the Phantom Platform — such as ingested emails, meeting transcripts, records, and the search index built from them — persists in your workspace until you or NVS delete the relevant data or the workspace itself.

8.2 — Deletion and export requests

You may ask us to provide a copy of, correct, or delete the personal data we hold about you by emailing Admin@NVSautomate.com. We will verify and act on such requests within a reasonable period consistent with applicable law. Some records — such as audit-log entries — may be retained longer where necessary to meet security or regulatory obligations.

To protect clients against accidental loss, we maintain the authoritative copy of workspace data and do not offer self-service deletion; deletion, and copies of a client's own business data, are handled by NVS on a verified request. NVS's automation code and platform internals are proprietary and are not exported or handed over — the client's deliverable is the working automation system NVS operates for them under a use license, not its underlying code.

09 Your Rights

9.1 — Access, correction, deletion, and opt-out

Subject to applicable law, you may request a copy of the information we hold, ask for corrections, request deletion, or opt out of marketing communications at any time. General questions can go to Hello@NVSautomate.com; data-access, export, and deletion requests should go to Admin@NVSautomate.com so we can verify and process them. We respond in accordance with applicable privacy laws.

10 Security

10.1 — How we protect your information

We use technical and organizational safeguards appropriate to the sensitivity of the data, including: encryption of credentials at rest (AES-256-GCM) and encryption in transit; tenant isolation enforced by database row-level security and application-layer checks; an append-only audit log of sensitive actions; signed, verified webhooks and rate-limited public endpoints; and restricted, logged staff access. No system can guarantee absolute security, and we encourage clients to maintain safe practices with their own credentials and accounts.

11 Children's Privacy

11.1 — Our services are for adults

While the Website contains general information accessible to all ages, our services are intended only for individuals 18 and older. We do not knowingly collect personal information from minors, and any such information we discover will be deleted promptly.

12 Changes to This Policy

12.1 — When we update this Policy

We may update this Privacy Policy to reflect changes to our services, legal requirements, or operational needs. If we make significant changes, we will update the effective date at the top of the page. Continued use of our Website or the Platform after changes are posted indicates acceptance of the updated policy.

13 Contact Us

13.1 — Questions or privacy concerns

You can reach us at Hello@NVSautomate.com for any questions about this Privacy Policy or your data, or at Admin@NVSautomate.com for access, export, and deletion requests.

Have a privacy question?

We're happy to help — reach out anytime.

Hello@NVSautomate.com