ValiantOS

Privacy Policy

Last updated: June 11, 2026

ValiantOS is operated by Valiant Technologies (“ValiantOS,” “we,” “us”). ValiantOS is a workspace for service businesses: a CRM, scheduling, messaging, marketing, and payments platform run by AI agents. This policy explains what we collect, why, and the choices you have. It applies to valiant-os.com, app.valiant-os.com, the ValiantOS desktop app, and related services.

What we collect

  • Account information — your name, email address, password (stored as a salted hash by our authentication provider), and workspace settings.
  • Business data you bring — contacts, deals, calendars, forms, documents, messages, and anything else you or your team put into your workspace. This data belongs to you.
  • Connected accounts (with your explicit consent) — if you connect a mailbox (Gmail or Microsoft 365), accounting (QuickBooks), payments (Stripe), texting (Twilio), or another integration, we access only the scopes you grant, to provide the features you asked for. You can disconnect any integration at any time from Settings.
  • Usage and device data — log data, feature usage, and analytics (we use Google Analytics on our public site) to operate and improve the product.
  • Payment information — handled by Stripe. We never see or store full card numbers.

How we use it

  • To provide, secure, and improve ValiantOS.
  • To power your AI agents: your workspace data is the context your agents use to draft emails, schedule appointments, track deals, and prepare digests — for your workspace only.
  • To bill subscriptions and meter plan usage.
  • To communicate with you about the service.

We do not sell your personal information, and we do not use your business data to train AI models.

AI processing

ValiantOS uses large language models from providers such as Anthropic and Google to generate drafts, answers, and summaries. Content needed to fulfill your request is sent to these providers to produce a response. Under our agreements, these providers do not use data submitted through our integrations to train their models. AI-generated content can be inaccurate — outbound actions (emails, texts, payment requests) are queued for human approval before anything is sent.

If you use the desktop app’s “local brain,” your conversations with Val run through your own AI assistant and your own AI subscription on your device. Your AI-provider credentials stay in that assistant’s own credential store on your machine — they are never transmitted to or stored by ValiantOS.

Google user data (Limited Use disclosure)

If you connect a Google account (Gmail, Google Business Profile, or Search Console), ValiantOS’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Gmail data is used only to provide user-facing features you request (inbox context, drafting in your voice, follow-up tracking); it is not used for advertising, not sold, not used to train generalized AI models, and not read by humans except with your explicit permission, for security, or to comply with law. You can revoke access at any time from Settings or from your Google account permissions.

Text messaging

SMS features run through your connected Twilio account and are subject to carrier registration (A2P 10DLC). We store consent and opt-out records for your contacts and automatically honor STOP requests. Message content is processed to provide the service and retained as part of your workspace records.

Who processes data on our behalf

Our subprocessors include:

  • Supabase (database, authentication, file storage)
  • Cloudflare (hosting, networking, security)
  • Hetzner (background job infrastructure, EU)
  • Anthropic and Google (AI model providers)
  • Stripe (payments and billing)
  • Postmark (transactional email)
  • Twilio (SMS, via your connected account)
  • Inngest (job orchestration)
  • Google Analytics (public-site analytics)

Each processes data only as needed to provide their service to us, under their own security and privacy commitments.

Retention and deletion

Your workspace data is retained while your account is active. If you close your account (or ask us to), we delete your workspace data within 30 days, and it ages out of encrypted backups within 35 days after that. Some records (e.g., billing) may be retained longer where the law requires.

Security

Data is encrypted in transit (TLS) and at rest. Workspaces are isolated with database-level row security, access tokens are stored hashed, and we keep nightly encrypted off-site backups. See our Security overview for details. No system is perfectly secure; if a breach affects your data, we will notify you as required by law.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, or to object to certain processing. Email josue@valiant-os.com and we will honor verified requests. We do not discriminate against you for exercising privacy rights.

Cookies

We use essential cookies for sign-in and session security, and analytics cookies on our public site. We do not use advertising cookies.

Children

ValiantOS is a business product and is not directed to anyone under 16. We do not knowingly collect personal information from children.

Changes

We will update this policy as the product evolves and note the date above. Material changes will be communicated in the product or by email.