Privacy Policy

Last updated: April 1, 2026

1. Introduction

Vizually.AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at www.vizually.ai and our platform (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Account Information: When you register, we collect your name, email address, and a password (which is immediately hashed using PBKDF2 with 100,000 iterations — we never store plaintext passwords).

User Content: We store the projects, canvases, cards, connectors, zones, sticky notes, and other content you create on the platform. This content is necessary to deliver the Service.

Usage Data: We collect analytics about how you interact with the Service, including pages visited, features used, session duration, and browser/device type. This data is used in aggregate to improve the platform.

AI Interaction Data: When you use our AI Copilot features (chat, generate, analyze), your prompts and canvas context are processed by third-party AI providers. AI chat history is stored to maintain your conversation continuity.

Lead & Communication Data: If you voluntarily submit your email through our chatbot, newsletter signup, or contact forms, we store that information for follow-up communications.

Cookies & Local Storage: We use essential cookies for authentication and session management. See our Cookies Policy for full details.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate your identity and manage your account
• Process AI requests through our third-party AI providers
• Send transactional emails (account verification, password resets, billing receipts)
• Send product updates and announcements (you may opt out at any time)
• Analyze usage patterns in aggregate to improve the platform
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

4. Third-Party Services

We share data with the following categories of third-party providers, solely to operate the Service:

• AI Processing: Together.AI — receives canvas context and prompts to power AI Copilot features. Together.AI does not use your data to train models.
• Hosting & Infrastructure: Vercel (application hosting), Turso (database). Your data is encrypted in transit (TLS) and at rest.
• Email: Resend — used to send transactional and notification emails on our behalf.
• File Storage: Vercel Blob Storage — used for downloadable resources and exports.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your content to train AI models.

5. Data Storage & Security

Your data is stored on servers in the United States. We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Password hashing with PBKDF2 (100,000 iterations)
• Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options)
• Role-based access controls within the platform
• Session tokens with automatic expiration

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention & Deletion

We retain your account and content data for as long as your account is active. If you delete your account, we will anonymize or delete your personal data within 30 days, except where retention is required by law (e.g., billing records). Aggregated, anonymized usage data may be retained indefinitely for analytics.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Export: Request a portable copy of your data (JSON or CSV)
• Restrict Processing: Request that we limit how we use your data
• Withdraw Consent: Withdraw consent for non-essential processing at any time
• Object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at support@vizually.ai. We will respond within 30 days.

8. International Data Transfers (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure your data is protected in accordance with GDPR. Our lawful bases for processing include: contract performance (providing the Service), legitimate interest (improving the platform, preventing fraud), and consent (marketing communications).

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your rights. To make a request, email support@vizually.ai.

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

For privacy-related inquiries or to exercise your data rights, contact us at:
Email: support@vizually.ai
Website: www.vizually.ai