1. Introduction

Vantage Point Strategy Group LLC ("VPSG," "we," "us," or "our") operates the BRI™ Intelligence portal and related services (the "Service"). This Privacy Policy describes how we collect, use, store, and protect information you provide when using our Service. By creating an account or using the Service, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

• Account Information: Your name, email address, password, and account type (Business Administrator or Consultant/Broker) when you create an account.
• Billing Information: Payment and subscription data processed through Stripe. VPSG does not store credit card numbers or full payment details — these are handled directly by Stripe under their own privacy and security standards.
• Uploaded Files: Benefits data files you upload to run BRI™ Intelligence analyses, including payroll registers, enrollment reports, carrier census data, carrier invoices, plan documents, and supplemental reports.
• Usage Data: Information about how you use the Service, including diagnostic run history, risk scores, findings, and timestamps.
• Client Records: For Consultant/Broker accounts, any client names and contact information you enter into the portal to organize your diagnostic runs.
• Communications: Any messages or feedback you send to us through the portal or by email.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the BRI™ Intelligence Service
• Process your subscription and manage billing through Stripe
• Run AI-powered benefits reconciliation analysis on your uploaded files
• Save and display your diagnostic run history and reports
• Send you service-related communications, announcements, and account notifications
• Respond to your support requests and inquiries
• Comply with legal obligations

We do not sell your personal information or uploaded data to third parties. We do not use your uploaded benefits data for any purpose other than providing the analysis you requested.

4. Uploaded Benefits Data

You may upload files containing sensitive employee benefits information, including personally identifiable information (PII) about your employees or clients' employees. By uploading these files, you represent and warrant that you have the legal authority to share this data and that you have obtained any required consents from the individuals whose data is included.

Uploaded file contents are processed by our AI analysis engine (powered by Groq) to generate your diagnostic findings. File contents are not shared with third parties beyond what is necessary to perform the analysis. We retain uploaded file data as part of your diagnostic run history in accordance with your subscription plan's retention terms.

You are solely responsible for ensuring your use of the Service complies with applicable data protection laws, including HIPAA if applicable to your organization.

5. Data Retention

• Active Subscribers: Diagnostic run history and reports are retained for the duration of your active subscription plus 90 days after cancellation.
• Non-Subscribers / Single Run: Diagnostic run results are retained for 30 days from the date of the run, after which they are no longer accessible through the portal.
• Account Data: Account information is retained until you request account deletion.

To request deletion of your data, contact us at admin@vantagepointstrategygroup.com.

6. Third-Party Services

We use the following third-party services to operate the Service:

• Supabase: Authentication and database storage. Your account data and diagnostic history are stored in Supabase's secure infrastructure.
• Stripe: Payment processing and subscription management. Stripe handles all payment data under their own privacy policy and PCI DSS compliance standards.
• Groq: AI processing engine used to analyze your uploaded files and generate diagnostic findings.
• Netlify: Website and application hosting.

Each of these providers maintains their own privacy and security policies. We encourage you to review their policies if you have questions about how they handle data.

7. Data Security

We implement industry-standard security measures to protect your information, including encrypted data transmission (HTTPS), secure authentication through Supabase, and row-level security policies that ensure users can only access their own data. However, no method of transmission or storage is 100% secure. You use the Service at your own risk and are responsible for maintaining the confidentiality of your login credentials.

8. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Export your diagnostic run history
• Opt out of non-essential communications

To exercise any of these rights, contact us at admin@vantagepointstrategygroup.com.

9. Cookies and Tracking

The Service uses session cookies and local storage to maintain your authenticated session. We do not use tracking cookies for advertising purposes. We do not sell data to advertisers or data brokers.

10. Children's Privacy

The Service is intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting an announcement in the portal or by email. Your continued use of the Service after any update constitutes acceptance of the revised policy. The effective date at the top of this page reflects the date of the most recent revision.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Oklahoma, without regard to its conflict of law provisions.