Privacy Policy

How we handle information on the Vireon website.

Effective April 22, 2026

Introduction

This Privacy Policy explains how Vireon Gov (“Vireon,” “we,” “us”) handles information collected through our website at vireongov.com (the “Site”). It applies to visitors and anyone who submits a form on the Site.

This policy covers the marketing Site only. Use of the Vireon SaaS product (the grant-management platform) is governed by a separate written agreement between Vireon and each customer organization, which includes its own data-processing terms.

What we collect

Information you give us voluntarily

When you submit the Demo Request or Contact Us form on the Site, we receive the information you provide: your name, work email address, organization, and (for Contact Us) the topic you selected and any message content.

If you submit information about someone else — for example, if you enter a colleague’s contact information on their behalf — you represent that you have their authority to share it with us, and you agree to let them know that Vireon may contact them.

Information collected automatically

Like any hosted website, our infrastructure captures standard web request metadata: your IP address, browser type and version, pages viewed, and timestamps. This is produced by our cloud hosting infrastructure in the course of serving the Site to you. We do not load any analytics SDK, advertising pixel, or cross-site tracking script.

Local device storage

For your convenience, when you submit a form we also save a copy of the submission to your own browser’s localStorage (keys vireon_demo_requests and vireon_security_contacts), so you can review what you sent. This data stays on your device; we do not read it back or transmit it separately.

What we don’t collect

To keep this clear: on the marketing Site, we do not set any tracking cookies from our own code, we do not use Google Analytics, Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, Hotjar, Mixpanel, Segment, Plausible, PostHog, or any equivalent analytics or advertising service. We do not access your camera, microphone, or geolocation — our Permissions-Policy HTTP header blocks these at the browser level. We do not purchase data about visitors from third parties.

Our hosting infrastructure may set technical cookies of its own (for example, for traffic routing or abuse prevention). These cookies are governed by the hosting provider’s own privacy practices and are not controlled by Vireon.

Do Not Track. Because the Do Not Track (“DNT”) standard is not uniformly implemented across browsers and services, we currently do not change our behavior based on DNT signals. Since we do not load any tracking or analytics SDKs on the Site, there is also no cross-site tracking for DNT to stop.

How we use your information

To respond to your inquiry. When you submit a Demo Request or Contact Us form, we use your contact details and message content to reply, schedule a demo, walk through our security posture, or answer a procurement question.

To deliver materials you request. If you request a Data Processing Agreement, a security questionnaire response, or other documentation, we use your contact details to send it to you.

To follow up on active conversations. If we’re in an ongoing sales or evaluation discussion, we may reach out from time to time with relevant updates. You can opt out at any time by replying to any email or contacting privacy@vireongov.com.

To operate and secure the Site. Standard server logs help us diagnose errors, prevent abuse, and keep the Site available.

To meet legal and compliance obligations. We retain records as required by applicable law and to establish, exercise, or defend legal claims.

We do not use your information for advertising, we do not build behavioral profiles, and we do not sell, rent, or monetize it in any way.

Who we share it with

Service providers (subprocessors)

We share limited information with vendors that help us operate the Site:

  • Our cloud hosting and form-submission provider — hosts the Site and processes form submissions. SOC 2 Type 2 certified, US-based.
  • Google — when your browser loads Google Fonts (Inter, DM Sans) to render the Site, Google sees the IP address and user agent making the request. This is standard CDN behavior, not account-level data.

A current list of named subprocessors, including those used by our Vireon SaaS product, is available on request at privacy@vireongov.com. See our security overview for a summary of how data flows through our infrastructure.

Legal compliance

We may disclose information if required by law, valid legal process, or to protect our rights, safety, or property, or those of others.

No sale of personal information

Vireon does not sell or share your personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act.

Data retention

We keep personal information only for as long as necessary to fulfill the purposes described in this policy. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal, contractual, or regulatory requirements.

In practice, form submissions are retained in our form-submission infrastructure for up to 30 days by default, or longer if you become an active prospect and we move the conversation into our CRM or email system. Server request logs are retained per our hosting provider’s standard retention.

Local-browser copies of your submissions persist until you clear your browser’s site data. You can request deletion of any information we hold about you at any time by emailing privacy@vireongov.com.

Security

All communication with the Site is encrypted in transit with TLS 1.3. Form submissions and server logs live with subprocessors who hold SOC 2 Type 2 certifications. For the full security posture of our product — including encryption at rest, infrastructure, AI-specific safeguards, and compliance roadmap — see our Security page.

No security measures are failsafe. While we work hard to protect information about you, no internet transmission or electronic storage system can be guaranteed 100% secure. If you ever believe your interaction with the Site has been compromised, please contact us at security@vireongov.com.

Your rights

Regardless of where you live, you can ask us to:

  • Tell you what personal information we hold about you.
  • Correct inaccurate information.
  • Delete information we no longer need.
  • Provide a portable copy of your information.
  • Stop contacting you (reply to any email, or email the address below).

Send requests to privacy@vireongov.com. We’ll reply within 30 days (or sooner where a shorter statutory deadline applies).

California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights.

What we collect about you

  • Identifiers: name, email address, organization.
  • Internet or network activity: IP address, browser type, pages viewed, timestamps (through standard web server logs).

Where we get it

Directly from you (when you fill in a form), and automatically from your browser (when it loads the Site).

Why we use it

To communicate with you about your inquiry. We do not use it for targeted advertising, profiling, or automated decisions that produce legal effects.

Sale / sharing

We do not sell your personal information and we do not share it for cross-context behavioral advertising, as those terms are defined in the CCPA.

Your California rights

  • The right to know what we’ve collected, used, and shared.
  • The right to delete personal information we hold about you, subject to legal exceptions.
  • The right to correct inaccurate information.
  • The right to limit use of sensitive personal information (we don’t collect any on the Site).
  • The right not to be discriminated against for exercising these rights.

Exercise these rights by emailing privacy@vireongov.com with “California Privacy Request” in the subject line. We will verify your identity through the email address you contact us from.

EU/UK visitors (GDPR)

If you are in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) applies to our processing of your personal information.

Legal bases

  • Consent when you voluntarily submit a form.
  • Legitimate interest in responding to your inquiry, operating the Site securely, and keeping simple server logs.

Your rights

  • Access, rectification, erasure, restriction, portability, and objection.
  • Withdraw consent at any time (this does not affect prior processing).
  • Lodge a complaint with your national data protection authority.

International transfers

Our hosting infrastructure is located in the United States. Where transfers of personal information from the EEA or UK to the US occur, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK transfer mechanisms with our subprocessors.

Contact privacy@vireongov.com to exercise any GDPR right.

Children’s privacy

The Site is intended for business and government professionals. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently received such information, please contact us and we’ll delete it.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the effective date at the top of the page. If you are an active contact of ours, we will also notify you by email before the change takes effect.

Contact us

Questions, requests, or concerns about this policy? Email privacy@vireongov.com. You can also reach our security team through the Security page.

Postal mail may be directed to Vireon Gov — mailing address available on request at the email above.