Privacy Policy

1. Information We Collect

• —Account data: email address and display name when you sign up via Supabase Auth.
• —Usage data: pages visited, features used, and export counts — collected anonymously via server logs.
• —Content data: Wikipedia URLs you paste and AI-extracted infographic data processed on your behalf.
• —Payment data: handled entirely by Stripe. We never store card numbers or full payment details on our servers.

2. Lawful Basis for Processing (GDPR)

• —Contract performance: processing your account data to deliver the service you signed up for.
• —Legitimate interests: anonymised usage analytics to improve Vizedly.
• —Legal obligation: retaining billing records as required by applicable law.
• —Consent: where we ask for it explicitly (e.g. marketing emails). You may withdraw consent at any time.

3. How We Use Your Information

• —To provide, operate, and improve Vizedly.
• —To send transactional emails (account confirmation, billing receipts).
• —To respond to support requests.
• —To monitor for abuse and enforce our Terms of Service.
• —We do not sell your personal data to third parties — ever.

4. Data Storage & Security

Your account and project data is stored in Supabase (PostgreSQL) hosted on AWS us-east-1. All data in transit is protected by TLS 1.3. Data at rest uses AES-256 encryption. Access to production systems is restricted to authorised personnel only.

5. Third-Party Services

• —Supabase — authentication and database (PostgreSQL). Data stored in AWS us-east-1.
• —Google Gemini API — AI milestone extraction from Wikipedia. Inputs are not used to train Google's models under our API agreement.
• —Stripe — payment processing. Subject to Stripe's Privacy Policy.
• —Vercel — hosting and edge delivery.

6. Cookies

We use a single session cookie (set by Supabase Auth) to keep you logged in. We do not use advertising or cross-site tracking cookies. See our Cookie Policy for full details.

7. Your Rights

• —Access: request a copy of all personal data we hold about you.
• —Correction: update inaccurate information via your account settings.
• —Deletion: request full account and data deletion at any time — email legal@vizedly.com.
• —Portability: export your infographic data in JSON format.
• —Objection / Restriction: object to or restrict certain processing activities.
• —EU, UK, and California residents have additional rights under GDPR / UK GDPR / CCPA. Contact us to exercise any right.

8. Data Retention

We retain your account data for as long as your account is active. Deleted accounts are purged within 30 days. Anonymised usage logs may be retained for up to 12 months. Billing records are retained for 7 years as required by law.

9. International Transfers

Your data may be processed in the United States. Where we transfer data from the EU/EEA or UK, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as approved by the relevant authority.

10. Children's Privacy

Vizedly is not directed at children under 13 (or 16 where required by local law). We do not knowingly collect personal information from minors. If you believe a child has created an account, please contact us immediately at legal@vizedly.com.

11. Changes to This Policy

We may update this policy as our service evolves. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top reflects the most recent revision.