Skip to content
Ventral AI

Legal

Privacy policy

How Ventral Vision d.o.o. za usluge (operating as Ventral AI) collects, uses, and protects personal information.

Last updated April 23, 2026Version 1.1.0

Who we are

This website is operated by Ventral Vision d.o.o. za usluge ("we", "us", "our"), the legal entity operating as Ventral AI.

  • Registered office: Ražanac X 23A, 23248 Ražanac, Croatia
  • OIB (tax ID): 18762945075
  • MBS (court registry): 110148308
  • Court of registration: Trgovački sud u Zadru (Commercial Court in Zadar)
  • Director: Bare Luka Žagar
  • General contact: info@ventral.ai

We are the data controller for personal information processed through this website.

For any privacy questions, data subject requests, or complaints, email privacy@ventral.ai.

What this policy covers

This policy describes how we handle personal information when you visit ventral.ai, submit the contact form, or otherwise interact with the website. It does not cover data we process under a separately signed agreement with a customer — that processing is governed by the relevant contract and Data Processing Agreement.

Information we collect

Information you provide. When you submit the contact form, request a demo, or correspond with us by email, we collect what you share — typically your name, work email, company name, and a short description of your inquiry.

Information collected automatically. Our web server logs basic request data (IP address, user agent, referring URL, requested path, timestamp) for security and abuse-prevention purposes. If you grant analytics consent via the cookie banner, we also load a privacy-respecting analytics script that records aggregated page views. We do not use cross-site tracking cookies.

Anti-spam signals. The contact form is protected by Cloudflare Turnstile. When you submit, your IP and a Turnstile challenge token are sent to Cloudflare for verification. We also keep a short-lived per-IP rate-limit counter (up to 10 minutes) on our own server to prevent abuse.

How we use information

  • Respond to your enquiries and deliver the products or services you request
  • Operate, maintain, and secure the website
  • Measure the performance of our content (only with your consent)
  • Comply with legal obligations and enforce our terms

We do not sell personal information and we do not share it for cross-context behavioral advertising.

Legal bases (GDPR)

  • Contract / pre-contract — responding to requests and delivering services you ask for
  • Legitimate interests — securing the site, preventing abuse, and improving our products
  • Consent — optional analytics and any future marketing cookies, withdrawable at any time via the cookie banner
  • Legal obligation — when we must retain or disclose information to comply with law

Sub-processors

We rely on a small set of vendors to operate the website. Each is bound by a data-processing agreement and processes data only on our instructions.

| Vendor | Purpose | Data processed | | -------------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------------ | | Hostinger International Ltd (EU) | Website hosting, DNS, contact-form runtime | Request metadata, form submissions in transit, rate-limit counters | | Google LLC — Google Workspace | Business email; contact-form messages delivered to our inbox | Contact-form contents, email metadata | | Cloudflare, Inc. | Anti-spam challenge (Turnstile) on the contact form | IP address, Turnstile challenge token | | Plausible Insights OÜ (EU) — when analytics consent is granted | Aggregated, cookie-free page-view metrics | Anonymised visit data |

A current, detailed sub-processor list is available to customers and auditors on request.

International transfers

Some of our sub-processors (notably Google) may process data outside the EEA. Where required, we rely on appropriate safeguards — typically the European Commission's Standard Contractual Clauses — to ensure personal information receives an adequate level of protection.

Retention

We keep personal information only as long as necessary for the purposes described here, or as required by law.

  • Contact-form submissions — retained in our inbox while we correspond with you and for a reasonable period afterwards for record-keeping, then deleted on request or in line with our internal retention policy.
  • Rate-limit counters — 10 minutes, then auto-expired.
  • Server access logs — 30 days, then rotated by the host.

Your rights

Under the GDPR you have the right to access, correct, export, or delete personal information we hold about you, to object to or restrict certain processing, to withdraw consent you have given, and to lodge a complaint with your local data protection authority. In Croatia, that authority is the Agencija za zaštitu osobnih podataka (AZOP): azop.hr.

To exercise any of these rights, email privacy@ventral.ai. We respond to valid requests within 30 days.

Security

We protect personal information with encryption in transit (TLS 1.2+), provider-side encryption at rest, access controls, and audit logging. See our security commitment for details.

Children

Our services are not directed at children under 16 and we do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. When we do, we update the "Last updated" date at the top. Material changes will be communicated as appropriate.

Contact