Data Handling Practices

1.1 Broker PII (Personally Identifiable Information)

Collected at account creation and stored in Firebase Firestore under broker-scoped documents. Includes: name, brokerage, email, phone, profile photo, and license attestation.

Access: Broker (read/write own data only). Vesli team (read-only for support). No other parties.

1.2 Client PII (Buyer Information Entered by Broker)

Brokers may optionally enter client names, email addresses, and phone numbers when creating Signal boards. This data is stored in Firestore under the broker's document scope.

Access: Broker only. Vesli does not read, use, or process this data for any internal purpose.

Retention: Until broker deletes the board or closes their account. On account closure, this data is deleted from active systems.

1.3 Buyer Engagement Data

Automatically generated when a Buyer interacts with a Signal board. Includes: reactions per listing, notes, time spent per listing, view counts, showing requests, and session timestamps.

This data is associated with the broker's board in Firestore. It is used to power the broker's real-time dashboard and — in aggregated, anonymized form — to generate platform benchmarks.

Access: Broker (real-time dashboard). Vesli (aggregated analytics only; individual board data is not reviewed by Vesli staff in normal operations).

1.4 Listing Content

Vessel listings input by brokers via PDF upload (Boatwizard exports), YachtWorld links, or manual entry. This content is stored per-board in Firestore.

Vesli does not independently aggregate or scrape listing data. All listing content is broker-initiated. Brokers attest at signup that they have the right to share content they input.

1.5 Platform Usage Metadata

Standard technical logs including IP addresses, session duration, device type, and feature usage. Used for debugging, product improvement, and security monitoring. Retained for 90 days.

2.1 Database

Primary data store: Firebase Firestore (Google Cloud). Data is organized in a broker-scoped document hierarchy. Firebase security rules enforce that each authenticated broker can only read and write their own documents. Cross-broker data access is not permitted at the database level.

2.2 Authentication

Broker authentication: Firebase Auth (email/password or SSO). Buyers do not authenticate — board access is via unique link. Board links are long-form UUIDs that are not guessable.

2.3 File Storage

PDF uploads are processed in-memory using PDF.js for binary extraction and OpenAI Vision API for text and spec parsing. Uploaded PDFs are not permanently stored by Vesli after processing is complete. Extracted vessel data is stored in Firestore.

2.4 Payments

Payment processing: Stripe. Vesli does not store credit card numbers, bank account details, or any raw payment instrument data. Vesli stores only the Stripe customer ID and subscription status for each broker account.

2.5 Email

Transactional email (showing request notifications, account updates): SendGrid. Broker email addresses are transmitted to SendGrid solely for the purpose of delivering notifications. SendGrid is contractually prohibited from using these addresses for its own marketing.

3.1 Broker Data

Brokers own their client relationships and the client information they enter into the Platform. Vesli does not claim ownership of broker-entered client PII.

3.2 Engagement Data

Buyer engagement data generated through a broker's Signal board is jointly owned by Vesli and the broker. Brokers have full access to their board's engagement data. Vesli retains rights to use this data in aggregated, anonymized form for platform analytics and benchmarking.

3.3 Listing Content

Listing content entered by brokers remains subject to the intellectual property rights of the original content owners (listing brokers, MLS platforms, photographers, etc.). Vesli's role is as a passive technology platform; brokers are responsible for their content rights.

Active Accounts

All broker and client data retained for the duration of account activity. No automatic expiration.

Board Deletion

When a broker deletes a client board (feature in development), all client PII and engagement data associated with that board is deleted from Firestore.

Account Closure

Client PII (name, email, phone) entered by the broker: deleted from active systems. Anonymized engagement data: may be retained for internal benchmarking. Platform usage logs: deleted after 90 days per standard log retention.

Legal Hold

Data subject to a valid legal hold or law enforcement request will be retained for the duration of the applicable requirement.

The following third-party services process Vesli user data:

• Firebase (Google): Database hosting, authentication. Google Cloud Terms + DPA apply.
• Stripe: Payment processing. PCI-DSS Level 1 certified. Vesli stores no raw payment data.
• SendGrid (Twilio): Transactional email delivery. Broker emails used only for delivery.
• OpenAI: PDF/image parsing via Vision API. Vessel spec data sent for extraction. No client PII transmitted to OpenAI.
• Vercel: Platform hosting. Application traffic routed through Vercel infrastructure.

Vesli LLC is registered as a DMCA Safe Harbor agent under 17 U.S.C. § 512. Registration Number: DMCA-1072974. Registered agent: Joel Iglesias Gomes, Vesli LLC, 1000 Brickell Ave, Ste 715 PMB 2237, Miami, FL 33131. Email: info@vesli.app.

Until registration is complete, direct all copyright takedown requests to legal@vesli.app. Vesli will respond to valid requests within a commercially reasonable timeframe.

In the event of a confirmed data breach affecting broker or buyer information, Vesli will:

• Assess the scope and nature of the breach within 24 hours of discovery
• Notify affected brokers via email within 72 hours where required by law
• Take immediate steps to contain the breach and secure affected systems
• Cooperate with applicable regulatory bodies as required

Brokers who discover or suspect a security incident should report it immediately to security@vesli.app.

• Data and privacy questions: privacy@vesli.app
• Security issues: security@vesli.app
• Legal and compliance: legal@vesli.app
• General support: support@vesli.app
• Mailing Address: Vesli LLC, 1000 Brickell Ave, Ste 715 PMB 2237, Miami, FL 33131
• DMCA Agent Registration Number: DMCA-1072974