Legal
Privacy Policy
This Privacy Policy explains how VortexAQ from 10x National Security collects, uses, shares, protects, and retains personal information when you visit our website, contact us, request a briefing, apply for roles, use our products or services, attend events, visit our facilities, or otherwise interact with us.
For privacy questions, data rights requests, deletion requests, or other privacy-related inquiries, contact us at privacy@vortexaq.com.
Last updated: June 23, 2026
Scope
This policy applies to personal information handled by VortexAQ from 10x National Security in connection with vortexaq.com, our business development, recruiting, events, security operations, products, services, APIs, developer tools, hosted environments, and related business activities. It does not apply to third-party websites, platforms, or services that we do not control.
If we provide additional privacy notices, data processing terms, product terms, security terms, customer agreements, or employment notices for a specific product, service, application, employment process, or contract, those notices may supplement or supersede this Privacy Policy for the applicable activity or relationship.
Personal information we collect
The personal information we collect depends on how you interact with us. It may include:
- Contact and identity information, such as name, email address, phone number, mailing address, employer, title, organization, account identifiers, billing contact details, and professional profile information.
- Business communications, such as messages, requests, meeting notes, feedback, event registrations, support communications, and information you provide when contacting us.
- Account and product information, such as login details, workspace or project metadata, organization settings, API key metadata, role and permission settings, usage records, audit logs, configuration data, deployment metadata, billing data, and support history.
- AI and service data, such as prompts, inputs, outputs, files, retrieval context, tool calls, traces, model routing metadata, evaluation data, logs, cost records, policy decisions, and related telemetry processed through VortexAQ products or services.
- Recruiting and employment information, such as resume or CV details, education, work history, qualifications, references, interview notes, compensation expectations, eligibility to work, veteran status where voluntarily provided, and other information needed to evaluate candidates.
- Security and facility information, such as visitor logs, badge records, access records, camera footage where used, and information needed to protect personnel, facilities, systems, and sensitive projects.
- Technical and usage information, such as IP address, browser type, device identifiers, operating system, referring pages, pages viewed, timestamps, approximate geolocation derived from IP address or network information, website interaction data, diagnostic data, and product usage data.
- Compliance and diligence information, such as information needed for supplier, subcontractor, partner, customer, export control, sanctions, procurement, security, or regulatory reviews.
- Sensitive information, only where appropriate and permitted, such as government identification, citizenship or immigration status, security clearance information, disability or accommodation information, health or safety information, or demographic information voluntarily provided in recruiting or compliance contexts.
We do not intentionally collect sensitive personal information through public website channels unless you choose to provide it or it is necessary for a specific business, security, legal, product, support, or employment purpose.
Customer data and AI processing
When VortexAQ from 10x National Security processes customer content, prompts, outputs, files, logs, traces, or other data on behalf of a customer, our use of that data is governed by the applicable customer agreement, data processing terms, product terms, or written instructions. We use customer data to provide, secure, operate, support, monitor, debug, improve, and enforce the applicable services.
We do not use customer prompts, outputs, files, or other customer content to train third-party foundation models unless the applicable customer agreement or written instruction allows it. Some third-party model providers, infrastructure providers, or subprocessors may process data as needed to provide selected services, subject to applicable agreements and product configuration.
Do not submit classified, export-controlled, proprietary, sensitive, confidential, or regulated information through public website channels unless we have expressly authorized that transmission method in writing. Product environments may include separate controls, terms, and security requirements for sensitive workloads.
Sources of information
We may collect information:
- directly from you, such as through messages, forms, applications, calls, meetings, product signups, API usage, support requests, or events;
- automatically through our website, products, services, APIs, logs, security systems, and telemetry;
- from service providers, recruiting platforms, professional networks, references, background check providers, model providers, infrastructure providers, identity providers, analytics providers, or public sources;
- from customers, suppliers, contractors, partners, government entities, or other organizations involved in our work.
Cookies and similar technologies
Our website and services may use cookies, server logs, analytics tools, pixels, tags, local storage, SDKs, or similar technologies to operate the website and services, authenticate users, remember preferences, understand performance, diagnose issues, protect against abuse, improve visitor and product experience, and support security or compliance functions.
Based on the current implementation of our public website, we do not use third-party advertising pixels, cross-site retargeting tags, or session replay tools. If we add technologies such as Google Analytics, Microsoft Clarity, HubSpot, LinkedIn Insight Tag, Meta Pixel, or similar services, we will update this policy and provide any legally required notice, consent, or opt-out mechanism.
You can adjust cookie settings through your browser controls. Some features may not function properly if cookies are disabled. Where legally required, we recognize browser-based opt-out preference signals such as Global Privacy Control (GPC).
How we use personal information
We may use personal information to:
- operate, maintain, secure, and improve our website, products, services, APIs, facilities, systems, and business operations;
- provide, deploy, administer, monitor, support, debug, and improve VortexAQ products and services;
- authenticate users, manage accounts, manage permissions, route requests, enforce policies, process usage, and maintain audit records;
- respond to inquiries, support requests, proposals, and business opportunities;
- communicate with customers, partners, suppliers, candidates, visitors, and other contacts;
- evaluate vendors, subprocessors, subcontractors, partners, and potential business relationships;
- process job applications, evaluate candidates, conduct interviews, and support recruiting;
- manage events, meetings, facility access, visitor records, and physical security;
- protect the safety, security, and integrity of personnel, facilities, information, products, systems, models, APIs, and networks;
- detect, prevent, investigate, or respond to fraud, cyber incidents, abuse, misuse, policy violations, or unlawful activity;
- comply with contracts, procurement requirements, export controls, sanctions rules, employment laws, security obligations, legal process, and regulatory requirements;
- maintain records, perform audits, enforce agreements, resolve disputes, and defend legal claims;
- analyze website performance, service reliability, cost, trends, and business operations, including through aggregated or de-identified information.
We do not sell personal information.
Legal bases for processing
Where privacy laws require a legal basis for processing, we rely on one or more of the following bases:
- performance of a contract or steps taken before entering into a contract;
- our legitimate interests, such as operating our business, providing and improving our services, protecting systems and facilities, recruiting, and communicating with business contacts;
- compliance with legal obligations;
- protection of vital interests, safety, security, national security interests, or public interest where applicable;
- your consent, where required or appropriate.
You may withdraw consent where processing is based on consent, but withdrawal will not affect processing that occurred before withdrawal or processing based on another lawful basis.
How we share information
We may share personal information with:
- Affiliates and related entities, where needed for business operations, security, recruiting, compliance, or administration.
- Service providers and subprocessors, such as cloud hosting providers, model providers, content delivery networks, analytics providers, cybersecurity providers, communications providers, recruiting and background check providers, identity providers, AI service providers, payment processors, legal, accounting, consulting, insurance, and other operational providers.
- Customers, partners, suppliers, and contractors, where needed to evaluate, perform, or support business relationships, products, services, and contracts.
- Government, law enforcement, national security, regulatory, or public authorities, where required or appropriate under law, contract, procurement, security, or legal process.
- Professional advisors, such as attorneys, auditors, accountants, insurers, consultants, and other advisors.
- Transaction parties, such as potential investors, lenders, acquirers, successors, or advisors in connection with a financing, merger, acquisition, reorganization, sale of assets, or similar transaction.
- Other parties with your direction or consent, or where disclosure is necessary to protect rights, safety, security, property, or legal interests.
We do not knowingly sell personal information for money. We also do not knowingly share personal information of children under 16 for cross-context behavioral advertising.
If we offer hosted products, customer portals, developer tools, APIs, or software-as-a-service environments, we may use additional service providers or subprocessors to host, secure, operate, support, monitor, and improve those services. Product-specific privacy, security, data processing, or customer agreement terms may provide additional details.
International transfers
VortexAQ from 10x National Security is based in the United States. If you access our website, products, or services from outside the United States, your personal information may be processed in the United States and other countries where we or our service providers operate.
Where required, we use appropriate safeguards for international transfers, which may include contractual commitments, data protection agreements, standard contractual clauses, or other mechanisms permitted by law.
Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These safeguards may include access controls, logging, encryption, security monitoring, personnel training, vendor diligence, vulnerability management, and incident response procedures.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Data retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this policy, comply with legal obligations, support security and audit requirements, perform contracts, resolve disputes, enforce agreements, and maintain business records.
Retention periods may vary based on the type of information, the context in which it was collected, legal requirements, contract requirements, security needs, product configuration, customer instructions, and whether the information is needed for an active relationship, investigation, claim, or dispute. When information is no longer reasonably needed, we may delete, de-identify, aggregate, archive, or securely retain it as permitted or required by law.
Examples of typical retention periods include:
- recruiting records are generally retained for up to three years after the recruiting process ends, unless a longer period is needed for legal, audit, security, or talent pipeline purposes;
- website, product, API, and security logs are generally retained for up to twenty-four months, unless needed for security investigations, incident response, legal holds, customer instructions, or compliance requirements;
- visitor records are generally retained for up to two years, depending on facility, customer, and security requirements;
- security camera footage, where used, is generally retained for up to ninety days unless needed for security, legal, safety, or investigative purposes;
- business contact, account, billing, and contract records are retained for the life of the relationship and for a reasonable period afterward for audit, compliance, dispute resolution, and recordkeeping purposes.
De-identified and aggregated information
We may create de-identified, anonymized, or aggregated information from personal information and use it for analytics, security, research, reporting, product improvement, and business purposes. We will not attempt to re-identify de-identified information except as permitted by law, such as to test whether de-identification measures are effective.
Job applicants and recruiting
If you apply for a role with VortexAQ from 10x National Security, we may use application materials and related information to evaluate your candidacy, communicate with you, conduct interviews, verify qualifications, perform background or reference checks where appropriate, support hiring decisions, comply with employment-related obligations, and maintain recruiting records.
We may collect sensitive information during recruiting only where relevant and permitted, such as work authorization, security clearance information, disability accommodation information, voluntary demographic information, or legally required employment information.
We may use automated tools, including AI-assisted systems and third-party service providers, to help organize, summarize, validate, analyze, or process candidate information in support of recruiting and operational workflows. We do not make solely automated employment decisions without human involvement.
Facility visitors and security
If you visit a facility operated by VortexAQ from 10x National Security or attend an in-person event, we may collect information needed to manage access, verify identity, protect personnel and facilities, comply with customer or government requirements, and maintain security records. This may include visitor logs, access records, badge information, host information, arrival and departure times, and security camera footage where used.
If we record calls, meetings, events, or interviews, we will provide notice where required by law or practical in the context.
Your choices and rights
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent for certain personal information. You may also have the right to appeal certain privacy-related decisions or lodge a complaint with a data protection authority.
To make a request, contact us at privacy@vortexaq.com. We may need to verify your identity and authority before fulfilling a request. Some information may be retained or exempt from a request where permitted or required by law.
United States state privacy rights
Certain U.S. state privacy laws, including California privacy law, may provide residents with rights regarding personal information. Depending on your state and our legal obligations, these rights may include:
- the right to know or access personal information we collect, use, disclose, sell, or share;
- the right to request deletion of personal information;
- the right to correct inaccurate personal information;
- the right to opt out of certain sales, sharing, targeted advertising, or profiling;
- the right to limit the use or disclosure of sensitive personal information in certain circumstances;
- the right not to receive discriminatory treatment for exercising privacy rights;
- the right to use an authorized agent, where permitted by law.
We do not sell personal information for money. Based on the current implementation of our public website, we do not use third-party advertising pixels, cross-site retargeting tags, or session replay tools. If future advertising or analytics technologies are considered a “sale,” “sharing,” or targeted advertising under applicable law, eligible individuals may have the right to opt out through browser controls, legally recognized opt-out preference signals such as GPC where required, or by contacting us.
California notice at collection
For California residents, the categories of personal information we may collect are described in “Personal information we collect” above. The purposes for collection and use are described in “How we use personal information.” The categories of third parties to whom we may disclose personal information are described in “How we share information.” Retention practices are described in “Data retention.”
We may collect identifiers, professional or employment information, internet or network activity information, geolocation information derived from IP address, audio/visual information where security cameras or calls are used, education information, account and product usage information, inferences drawn from the above, and sensitive personal information where appropriate for recruiting, security, compliance, product, support, or legal purposes.
European Economic Area, United Kingdom, and similar jurisdictions
If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar data protection laws, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information. You may also have the right to object to direct marketing and to lodge a complaint with your local supervisory authority.
Where we rely on legitimate interests, those interests may include website operation, service delivery, security, business communications, recruiting, partner and supplier management, legal compliance, fraud prevention, and protection of our personnel, facilities, systems, products, services, and information.
Australia and other international privacy rights
If you are located in Australia or another jurisdiction with privacy rights, you may have rights to request access to personal information, request correction, object to certain processing, or make a privacy complaint. We will respond to requests consistent with applicable law.
Children
Our website, products, and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can take appropriate action.
Third-party links and services
Our website, products, and services may link to third-party websites, platforms, documentation, model providers, cloud providers, job boards, social media pages, or other services. We are not responsible for the privacy practices, security, or content of third-party services. Review their privacy notices before providing information to them.
Website submissions
Do not send classified, export-controlled, proprietary, sensitive, or confidential information through public website channels unless we have expressly authorized that transmission method in writing. Information submitted through public website channels may not be treated as confidential unless a separate written agreement applies.
Changes to this policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date above. Your continued use of or interaction with the website, products, or services after changes become effective means the updated policy applies where permitted by law.
Contact
For privacy questions or requests, contact VortexAQ from 10x National Security at privacy@vortexaq.com.