Back to VP Lab

VantagePoint Networks — site policy

Privacy Policy

Last updated: 18 April 2026 · Version 2.0

1. Who we are

This site (VP Lab) is operated by VantagePoint Networks, an independent IT and AI consultancy based in London, United Kingdom, trading under the VantagePoint Networks brand from www.vpnetworks.co.uk. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, VantagePoint Networks is the data controller for the limited personal data described in this policy.

Contact: info@vpnetworks.co.uk

2. Scope of this policy

This policy applies to the VP Lab website at the domain it is served from and its sub-paths. It does not apply to (a) our main consultancy website at www.vpnetworks.co.uk, (b) any private AI deployment we build for a client (which is governed by that client’s own contracts and data protection arrangements), or (c) any third-party site linked from VP Lab.

3. What this site is

VP Lab is a public demonstration environment for private-AI tools. The demos let you paste text or upload documents to see how an AI system processes them. The purpose is educational — to help prospective clients understand what a private deployment can do before engaging us for a full build.

4. What personal data we collect

We keep collection to the minimum necessary to operate the site.

  • Demo input: the text or document content you paste or upload when using a demo. This may contain personal data only if you choose to include it. It is sent to our AI processing provider (see section 6) for the duration of the request.
  • IP address: used transiently by our rate-limiter to prevent abuse. Held in in-memory cache only; not written to our persistent logs.
  • Contact details: if you email, WhatsApp, phone, or otherwise reach out via the links on this site, we hold the contact details you voluntarily provide for the purpose of responding and (if you engage us) performing the agreement.
  • Hosting platform telemetry: our hosting provider collects standard request metadata (timestamp, path, user-agent, response time, IP for security) for operational and security purposes. This is processed by the provider under its own terms — we do not control its retention or handling beyond what the provider publishes.

We do not run advertising cookies, build marketing profiles, sell personal data, or operate third-party analytics (such as Google Analytics) on this site.

5. Your responsibility for what you submit

You remain responsible for the content you paste or upload into the demos. By submitting content you confirm that you have the right to share it with us and with the third-party AI provider described in section 6.

Do not submit material you cannot lawfully share with an external service — including but not limited to: client files, third-party personal data, privileged material, trade secrets, regulated data (health, financial, special-category), or anything whose disclosure would breach confidentiality or professional obligations.

A private deployment with us is specifically designed to solve this problem: the same class of AI running on your own hardware with no external data transfer. Until that deployment exists, assume demo input will be processed by the third-party listed below and act accordingly.

6. Where demo input goes — the AI processing provider

When you use any VP Lab demo, the content you submit is forwarded to Groq, Inc., a US-based AI inference platform, for the duration of the request. Groq processes the content to produce the demo output and returns it to your browser.

At the time of writing, Groq publishes terms stating that it does not use API input to train its models. We relay this in good faith but cannot independently verify Groq’s internal practices, and Groq’s terms may change without notice. If you need a guarantee about data handling you should not use the public demos — instead, contact us to discuss a private deployment.

Our own application code does not retain demo input after the response to your request completes. We cannot guarantee, however, that intermediate infrastructure (your ISP, our hosting provider, Groq) does not transiently log metadata in the ordinary course of operating the internet.

7. International transfers

Use of the demos involves transferring your input to the United States (where Groq operates). Transfers to the US are covered by the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent safeguards offered by the processor, as applicable at the time of transfer.

By using the demos you acknowledge and accept this transfer. If this is not acceptable, do not use the demos.

8. Lawful basis

We process the limited data described in section 4 on the basis of legitimate interests (operating a demonstration environment, responding to enquiries, protecting the site from abuse), and, where you engage us, contract (to perform the agreement between us).

For any special-category data you might inadvertently include in demo input, we do not seek, require or solicit such data — the policy in section 5 makes this explicit — and we disclaim any lawful basis for processing it; if it is submitted it is submitted at your risk.

9. Automated processing

The AI output is produced by a large language model. It is a statistical process, not a decision made by VantagePoint Networks, and has no direct legal or similarly significant effect on you for the purposes of UK GDPR Article 22. You are free to disregard any output.

10. How long we keep data

  • Demo input: not retained by our application after the request completes. We do not control third-party processor retention; see their published policies.
  • Rate-limit metadata: typically discarded within an hour.
  • Hosting-provider logs: retained for up to 30 days in line with the provider’s default configuration.
  • Correspondence (email, WhatsApp, phone records): retained for up to 24 months, or longer where the enquiry leads to an engagement and record-keeping, tax, or professional-obligation reasons require it (typically up to 6 years).

These periods are targets, not guarantees. Where a legal, regulatory, or legitimate business reason requires longer retention, the longer period applies.

11. Sub-processors

The current list of sub-processors supporting the site is:

  • Vercel, Inc. — hosting, delivery, edge infrastructure.
  • Groq, Inc. — AI inference for the public demos only.
  • GitHub, Inc. — source code hosting (does not process end-user submissions).
  • Google Fonts — typeface delivery; loaded at build time, no runtime request from your browser.

We may change sub-processors or add new ones as our tooling evolves. Material changes will be reflected in this policy. You are responsible for checking this page periodically if sub-processor identity is material to you.

12. Security

We take reasonable technical and organisational measures to protect personal data, including HTTPS-only transport, rate-limiting, minimal data retention, and version-controlled infrastructure. No system is perfectly secure. We cannot and do not warrant that the site is free from vulnerabilities, interruption, or unauthorised access. By using the site you accept this residual risk.

13. Data breaches

If we become aware of a personal-data breach affecting your data, we will assess the risk and, where required by UK GDPR, notify the Information Commissioner’s Office within 72 hours and notify affected individuals without undue delay. This commitment is strictly limited to data we control; it does not extend to breaches at sub-processors, which are each responsible for their own notifications.

14. Your rights

Subject to the exemptions in the UK GDPR, you have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate data;
  • request erasure, subject to our legitimate business, legal or record-keeping interests;
  • object to processing, or request restriction;
  • request data portability;
  • lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, email info@vpnetworks.co.uk. We will respond within one month of receiving a valid request. We may ask for proof of identity before acting on a request.

15. Children

VP Lab is intended for adults and business users. It is not directed at children under 18 and we do not knowingly collect personal data from children. If you believe a child has submitted personal data to this site, contact us and we will remove what we can reasonably identify.

16. Links to other sites

VP Lab links to third-party sites (our main site, WhatsApp, the ICO, Groq, Vercel and others). We are not responsible for the privacy practices of those sites. You should read their privacy notices before submitting personal data to them.

17. Cookies

This site does not set advertising, analytics, or tracking cookies. A minimal set of strictly-necessary technical cookies may be set by our hosting provider for load-balancing, security, and session integrity. These are required for the site to function and cannot meaningfully be declined while still using the site.

18. No warranty regarding third parties

We select sub-processors in good faith but cannot warrant their privacy practices, security posture, or continued compliance with any particular standard. To the extent permitted by law, VantagePoint Networks is not liable for any act or omission of a third-party sub-processor acting outside our reasonable control.

19. Changes to this policy

We may update this policy from time to time. The “last updated” date and version number at the top reflect the most recent revision. Material changes may be flagged on the VP Lab homepage for a reasonable period. Continued use of the site after a change takes effect means you accept the revised policy.

20. Contact & complaints

For any privacy question, rights request, or concern, email info@vpnetworks.co.uk. If you are not satisfied with our response, you have the right to complain to the ICO at ico.org.uk.

VantagePoint Networks · London, United Kingdom · Independent since 2020 · www.vpnetworks.co.uk