1. Data Categories We Process
We collect the minimum data necessary to run Vertali Media and to respond to your outreach. The matrix below summarises the categories, why we use them, and how long we keep them.
| Data category |
Primary purpose & legal basis |
Retention |
| Site usage telemetry |
Maintain platform availability, enforce wellness safeguards, detect fraud, and produce security analytics. Processing is grounded in Vertali Media’s legitimate interests in delivering and protecting the service. |
Stored for up to 24 months before aggregation or deletion. |
| Contact submissions |
Respond to media inquiries, facilitate partnership negotiations, and deliver requested materials. Processing is necessary to perform or prepare a contract and, where required, relies on your consent. |
Retained for approximately 18 months to manage follow-ups. |
| Administrator account data |
Authenticate users, assign roles, and maintain audit logs. Processing is required to fulfil contractual obligations and comply with legal requirements for security record-keeping. |
Kept while the account remains active and for 12 months thereafter, unless laws demand a shorter period. |
2. Purposes & Legal Bases
Beyond the summary above, we may process personal data to satisfy regulatory obligations, comply with lawful requests, or deliver optional updates you opt into. We rely on legitimate interests to operate and secure the platform, contractual necessity when providing requested services, and consent for optional analytics or communications. You may withdraw consent at any time without affecting prior lawful processing.
3. Third-Party Processors
Vertali Media engages vetted providers that help us deliver the experience. Each partner signs data-processing agreements, implements industry security standards, and processes personal data only on our documented instructions.
- Cloud hosting & storage: secure infrastructure that powers Vertali’s application and databases.
- Email and communications: transactional message delivery for contact responses and admin notices.
- Monitoring & observability: tools that record uptime metrics and anomalies to protect the service.
- Support operations: limited-access ticketing or customer success platforms to track outreach history.
4. Automated Decision-Making
Automated wellness and moderation systems analyse viewing telemetry and admin signals to enforce session limits, throttle abusive requests, and surface anomalies. A human reviews impactful outcomes, and you can request manual reconsideration by contacting privacy@vertali.media.
5. Cross-Border Transfers
Personal data may be processed in the United States and other locations where our processors operate. When transferring from the EU, UK, or similar regions we rely on recognised safeguards, including Standard Contractual Clauses, supplementary security controls, and periodic assessments of partner practices.
6. Your Rights & How to Exercise Them
Depending on your jurisdiction you may have the right to access, correct, delete, restrict, or port your personal data, as well as to object to certain processing or automated decisions. Send requests or appeals to privacy@vertali.media. We generally respond within 30 days and will outline escalation routes—including supervisory authorities or industry ombuds services—if you disagree with our response.
7. Contacting Us
Vertali Media’s Data Protection Office can be reached at 1230 Peachtree Street NE, Suite 1900, Atlanta, GA 30309, USA. Email privacy@vertali.media for Data Subject Access Requests (DSARs), account questions, or appeals. If you prefer another escalation channel, contact privacy@vertali.media and we will coordinate with the appropriate privacy authority.
Accountability for Data Stewardship
Vertali Media treats privacy as a core governance obligation administered by the Data Protection Office, the Platform Governance Office, and the Board’s Risk, Compliance, and Ethics Committee. These bodies collaborate to ensure that all data handling practices align with internationally recognized principles of digital rights, data governance, and ethical AI standards.
Comprehensive data inventories catalogue each dataset maintained by Vertali Media, the systems where it resides, and the custodians responsible for oversight. Inventories are updated quarterly and cross-checked against retention schedules, ensuring that information lifecycle controls match the commitments outlined in this Privacy Policy.
Vertali Media’s AI systems may automatically evaluate users’ historical engagement, viewing behavior, and interaction patterns—including records maintained since the inception of Vertali Media—to inform compliance, moderation, recommendation, or access management decisions. These evaluations are subjected to privacy impact assessments that document lawful bases, safeguards, and proportionality reviews before deployment.
We enforce strict role-based access controls so that only personnel with a demonstrable need may handle personal information. Access requests require managerial approval, are time-bound, and are logged within our security operations platform, enabling detailed audit trails and periodic reviews of user permissions.
Any data incident triggers a documented response protocol that includes containment, forensic analysis, notification, and remediation stages. Incident reports are archived and assessed during post-mortem reviews to ensure that lessons learned translate into updated technical and organizational measures.
All vendors and integration partners undergo privacy due diligence that evaluates security certifications, governance practices, and AI accountability frameworks. Contracts incorporate data protection obligations, audit rights, and requirements to support Vertali Media’s user rights workflows.
User Transparency & Control
We maintain a Privacy Control Center that centralizes notices, consent management, and request submission channels. Users can review current preferences, opt out of optional analytics, and monitor the status of requests in progress.
Notices are layered to balance clarity and depth: concise summaries appear at the point of collection, while detailed explanations link to the relevant clauses of this Privacy Policy. Whenever our practices change materially, Vertali Media issues proactive alerts describing the nature of the change, the data types affected, and the steps users may take if they prefer not to participate.
When automated decisions materially impact access, the affected user receives an explanation outlining the factors considered, the role of historical engagement data, and the availability of human review. Appeals are prioritized within our response queues and are tracked to confirm completion within the timelines promised.
We provide downloadable reports that summarize the categories of data associated with an account, the sources from which it originated, and the sharing partners with whom it has been disclosed. Reports are generated in machine-readable formats to facilitate data portability rights.
Where legal regimes require enhanced protections for minors or sensitive classifications, Vertali Media applies heightened verification procedures, additional consent requirements, and restricted processing rules. These obligations are documented in supplementary guidance and audited for compliance.
Our transparency commitments extend to algorithmic explainability. Model cards document input features, fairness testing methodologies, and governance checkpoints. Summaries of these model cards are available to users, and detailed versions are reviewed by independent experts engaged by Vertali Media.
Retention, Deletion & Archiving
Retention schedules classify each dataset by sensitivity, purpose, and regulatory requirements. Automated workflows initiate deletion or anonymization once retention triggers are met, and completion reports are logged for audit verification.
Users can request expedited deletion or anonymization through the Privacy Control Center. Requests are evaluated to ensure that fulfilling them does not conflict with legal obligations or ongoing security investigations. When we cannot delete data immediately, we explain the rationale, identify the anticipated timeframe, and document interim safeguards.
Archived data used for compliance or scientific research is segregated from active systems, encrypted, and governed by additional access controls. Researchers accessing anonymized datasets must agree to ethical use commitments and data minimization requirements, ensuring that no re-identification attempts occur.
Backup copies, disaster recovery environments, and logging platforms observe the same retention principles. Restoration exercises confirm that deletion workflows propagate appropriately, avoiding inadvertent resurrection of records beyond their authorized lifecycle.
Vertali Media monitors evolving international expectations for data retention and deletion. When standards shift, we update schedules promptly, communicate the changes to users, and adjust automated workflows to maintain alignment.
Collectively, these retention, deletion, and archiving controls ensure that personal information persists only for as long as necessary to meet documented obligations while preserving user trust and regulatory compliance.
8. AI Ethics & Algorithmic Transparency
Our AI systems operate with privacy-preserving design principles. We minimize personal data collection in algorithmic processes, employ differential privacy techniques where possible, and provide clear explanations of automated decisions affecting user experience.
Users can access their algorithmic profiles, understand how recommendations are generated, and opt out of AI-driven personalization. We conduct regular bias audits across demographic groups and publish fairness metrics in our annual transparency reports. All AI model training is documented with data sources and ethical review processes.
9. Environmental Impact & Green Computing
Vertali Media minimizes environmental impact through energy-efficient data center design, renewable energy sourcing, and optimized content delivery networks. We measure and report our carbon footprint including streaming emissions, data storage energy consumption, and network efficiency metrics.
We implement green encoding standards that maintain quality while reducing bandwidth requirements, use edge computing to decrease data transfer distances, and partner with cloud providers committed to renewable energy. Our target is carbon-neutral streaming operations by 2026.
10. International Data Transfers
For international data transfers, we implement appropriate safeguards including Standard Contractual Clauses, adequacy determinations, and supplementary security measures. EU user data receives enhanced protections including explicit consent requirements and local representation options.
We maintain data processing inventories that catalog each dataset, storage location, and applicable legal frameworks. Cross-border data flows are documented with legal bases, transfer mechanisms, and protection measures for each jurisdiction where we operate.
11. Content Moderation & User Safety
Our content moderation systems incorporate privacy-preserving techniques and human oversight. Automated filtering is designed to minimize unnecessary data collection while maintaining platform safety. Users can report privacy concerns related to moderation decisions through dedicated channels.
We maintain transparency reports about moderation volume, accuracy rates, and appeal outcomes. Privacy impact assessments are conducted before deploying new moderation technologies, and user rights are balanced with safety requirements throughout our enforcement processes.
