// DOC 003
Compliance Policy
COMPLIANCE POLICY
VANE Intelligence LLC
Effective Date: June 26, 2026
Last Updated: June 26, 2026
VANE operates in a regulated space. Visitor identification involves
processing personal information about individuals who have not directly opted
in to communicate with VANE or its End Clients. This policy describes the
legal framework VANE operates under and the rules that Reps and End Clients
must follow without exception.
Failure to comply with this policy is grounds for immediate program
termination and may expose the violating party to civil and criminal
liability.
// 01 — APPLICABLE LAW
VANE's operations and the activities of Reps and End Clients are subject to,
at minimum, the following:
- California Consumer Privacy Act (CCPA) and California Privacy Rights
Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Texas Data Privacy and Security Act (TDPSA)
- Oregon Consumer Privacy Act (OCPA)
- Other U.S. state comprehensive privacy laws as they take effect
- Telephone Consumer Protection Act (TCPA)
- National Do Not Call Registry rules (16 CFR Part 310)
- CAN-SPAM Act
- Federal Trade Commission Act, Section 5 (unfair and deceptive practices)
- State data broker registration laws (California, Vermont, Texas, Oregon,
and others as applicable)
This list is not exhaustive. Reps and End Clients are responsible for
compliance with all laws applicable to their operations and the individuals
they contact.
// 02 — VISITOR NOTICE AND CHOICE
VANE requires that any website deploying the VANE pixel post:
(a) A privacy notice disclosing that the website uses third-party visitor
identification technology and identifying VANE (or VANE's white-label
brand for that deployment) as the processor;
(b) A clear opt-out mechanism that suppresses identification for the
requesting visitor across future sessions;
(c) Recognition of the Global Privacy Control (GPC) signal as a valid
opt-out where applicable law requires;
(d) For California: a "Do Not Sell or Share My Personal Information" link
in the footer of the End Client's website, in conformance with CPRA
requirements.
VANE supplies template language and a default opt-out endpoint. End Clients
deploying the pixel are responsible for implementation on their own site.
// 03 — GEOFENCING
VANE applies geographic restrictions to suppress identification of visitors
located in:
- The European Union and European Economic Area
- The United Kingdom
- Other jurisdictions where applicable law conflicts with VANE's
identification model
End Clients and Reps must not attempt to circumvent geofencing or request
identification of visitors located in restricted jurisdictions.
// 04 — TELEPHONE OUTREACH (TCPA & DNC)
4.1. National Do Not Call Registry
Reps and End Clients must not place sales calls or sales-related SMS messages
to any number registered on the National Do Not Call Registry, regardless of
how the number was obtained.
4.2. DNC Flags
Numbers returned by the VANE platform with DNC indicators must not be
contacted by phone or SMS for sales purposes under any circumstances.
4.3. Personal Phone Numbers
Personal phone numbers returned by the platform (i.e., not business lines or
direct work numbers) must not be used for sales outreach unless:
(a) The number has been independently scrubbed against the National DNC
Registry within the prior 30 days, AND
(b) The intended outreach falls under an established TCPA exception
(existing business relationship, express written consent, etc.), AND
(c) The use case has been approved by VANE in writing.
In practice, VANE recommends restricting outreach to business email and
business phone fields only.
4.4. Auto-Dialer Restrictions
Use of automatic telephone dialing systems (ATDS) or prerecorded messages to
contact identified individuals without prior express written consent is
prohibited and may violate TCPA.
// 05 — EMAIL OUTREACH (CAN-SPAM)
Email outreach using data returned by the platform must comply with the
CAN-SPAM Act, including:
- Accurate header information and sender identification
- Clear identification of the message as commercial in nature
- A valid physical postal address of the sender
- A clear and functional unsubscribe mechanism honored within 10 business
days
// 06 — PROHIBITED USES
Data returned by the VANE platform must NOT be used for:
(a) Discrimination on the basis of race, ethnicity, religion, gender,
sexual orientation, disability, or other protected characteristics
(b) Stalking, harassment, or intimidation of any individual
(c) Adverse decision-making in employment, credit, housing, insurance, or
any other context governed by the Fair Credit Reporting Act (FCRA).
VANE data is NOT an FCRA-permitted consumer report and must not be
used as one.
(d) Sale or resale to third parties without VANE's written authorization
(e) Identification of minors (individuals under 18) for any purpose
(f) Political campaign outreach without independent compliance review
(g) Adult content marketing, gambling outside permitted jurisdictions,
cannabis or controlled substance marketing in restricted
jurisdictions, or any activity prohibited by applicable law
// 07 — REPRESENTATIONS BY REPS
Reps must not make representations to prospects or End Clients that:
(a) Guarantee specific identification rates, lead quality, or revenue
outcomes
(b) Claim compliance certifications (SOC 2, ISO, HIPAA, GDPR adequacy,
etc.) that VANE has not formally obtained
(c) Misrepresent the source of data returned by the platform
(d) Suggest that End Clients can use the data without their own legal
review
Reps may share VANE-provided marketing materials, sales decks, and example
case studies as published by VANE. Reps must not modify these materials or
add unsupported claims.
// 08 — INDIVIDUAL RIGHTS REQUESTS
Individuals identified through the platform may exercise rights under
applicable law, including the right to access, delete, correct, or opt out of
processing of their personal information.
When an End Client receives such a request directly, the End Client must
forward it to VANE within five (5) business days. VANE will process verified
requests within statutory timeframes.
Direct individual requests received by VANE will be processed regardless of
whether the request is routed through the original End Client.
// 09 — DATA SECURITY EXPECTATIONS
Reps and End Clients with platform access must:
- Use unique, non-shared login credentials
- Enable multi-factor authentication where offered
- Not export or store identified data in unsecured locations
- Not transmit identified data over unencrypted channels
- Report any suspected security incident to VANE within 24 hours
End Clients receiving identified data are independent controllers under most
applicable privacy laws and bear independent responsibility for the security
of data once it leaves the VANE platform.
// 10 — TRAINING REQUIREMENT
All Reps must complete VANE's compliance training module and acknowledge this
Compliance Policy before being granted portal access. Re-acknowledgment is
required when this policy is materially updated.
// 11 — AUDIT AND ENFORCEMENT
VANE may audit Rep and End Client activity, including call records,
communication logs, and data export activity, for compliance with this
policy.
Violations may result in:
- Warning and required remediation
- Suspension of platform access
- Termination of the Independent Contractor Agreement or End Client
services
- Forfeiture of unpaid commissions
- Referral to law enforcement where criminal violations are suspected
- Civil action for damages caused to VANE
// 12 — DISCLAIMERS
This Compliance Policy summarizes VANE's expectations and the principal legal
frameworks applicable to platform use. It is not a complete statement of
applicable law and is not legal advice. Reps and End Clients should consult
their own counsel regarding their specific obligations.
VANE makes no representation that following this policy ensures compliance
with all applicable laws in all jurisdictions where Reps or End Clients
operate.
// 13 — CONTACT
To report a compliance concern, submit a data subject request, or ask a
compliance question:
VANE Intelligence LLC
Attn: Compliance
322 South College Road #1193
Wilmington, NC 28403
compliance@vaneintelligence.com