What We Collect
Vantio collects kernel-level telemetry to enforce AI governance policies. The data capture surface is strictly bounded to events produced by the Vantio eBPF probe layer and includes:
- Syscall identifiers, normalized argument vectors, and return values for processes operating within a Vantio-governed cgroup.
- Process credential metadata: UID, GID, PID, cgroup path, and binary hash.
- Enforcement decisions emitted by the Vantio LSM hook layer (permit, block, quarantine).
- Account identifiers associated with the Vantio API key used to authenticate the agent session.
Vantio does not collect the semantic content of AI model inputs or outputs. Prompt text, model weights, and inference payloads are outside the capture boundary.
WORM Storage & Immutability
All collected telemetry is committed to the TrueTime Ledger — an append-only, structurally non-rewritable record store. Records committed to the ledger cannot be altered, redacted, or deleted by Vantio operators, customers, or third parties. This is an architectural property of the storage layer, not a policy commitment.
This design satisfies the WORM requirements of SEC Rule 17a-4 (17 C.F.R. § 240.17a-4) and is a prerequisite for customers operating under that rule. Customers who require record deletion for data protection compliance should evaluate whether the Vantio deployment scope intersects with personal data as defined under applicable law.
Retention Periods
TrueTime Ledger records are retained for a minimum of six (6) years from the date of capture, consistent with the maximum retention period under SEC Rule 17a-4. Customers may configure extended retention beyond this minimum via their data agreement.
Records in the Hot tier (years 0–3) are accessible immediately via the Vantio API. Records in the Warm tier (years 3–6) are accessible within 24 hours on request. Cold-archive records beyond six years are retained under the terms of individual customer data agreements.
Regulatory Access
Vantio will furnish TrueTime Ledger records to the U.S. Securities and Exchange Commission, FINRA, and other lawfully authorized regulatory bodies upon properly served legal process. Proof bundles exported for regulatory examination include RISC Zero zkVM integrity proofs, enabling independent verification without Vantio infrastructure involvement.
A designated third-party custodian arrangement is available for customers subject to SEC Rule 17a-4(f)(3)(vii). Contact compliance@vantio.ai to establish custodian access credentials.
Data Sharing
Vantio does not sell, license, or share telemetry data with third parties for commercial purposes. Data may be disclosed to:
- Regulatory bodies pursuant to lawful process (see Regulatory Access above).
- Infrastructure providers (cloud compute, block storage) operating under data processing agreements with equivalent confidentiality obligations.
- Designated third-party custodians established at customer request for 17a-4 compliance.
Data Subject Rights
To the extent that TrueTime Ledger records contain personal data as defined under applicable law (e.g., GDPR, CCPA), data subjects may request access to records associated with their identifier by contacting privacy@vantio.ai.
Deletion requests cannot be fulfilled for records committed to the TrueTime Ledger due to the WORM architectural constraint. Customers operating under regulations that impose a right to erasure should consult Vantio's data boundary documentation and consider pseudonymization of agent identifiers prior to deployment.
Changes to This Statement
Material changes to this privacy statement will be published at this URL with an updated effective date at least 30 days before taking effect. Continued use of the Vantio platform after the effective date constitutes acceptance of the updated statement.