Privacy Policy

Effective date: February 25, 2026

At a Glance

  • We collect account info, content you upload, technical data, and usage analytics.
  • We use data to operate the Service, provide media management features, secure accounts, and (if opted-in) send product updates.
  • We do not sell personal information and do not share it for cross-context behavioral advertising.
  • Transfers from the EU/UK rely on Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
  • Uploaded media and associated metadata are retained until you delete them or close your account.

1) Who We Are & How to Contact Us

This Privacy Policy explains how Vysual LLC ("we," "us," "our") collects, uses, shares, and safeguards information when you use our website and web application (the "Service").

  • Legal entity: Vysual LLC
  • Contact (privacy requests): support@vysual.com
  • Intended audience: Business users (B2B)

If you are in the EU/UK, the data controller is Vysual LLC. If you use Vysual on behalf of a company, your company is typically the controller for the business content you upload, and Vysual acts as a processor.

2) Scope

This policy applies to the Service and any features that allow you to upload, organize, search, manage, and collaborate on media assets (video, photos, graphics, documents, and audio). We do not knowingly target or collect data from children under the age of 16.

3) What We Collect

A. Information You Provide

  • Account & identity: name, email, profile image, role, basic account flags (e.g., onboarding state), timestamps.
  • Workspace & content: media files you upload (video, images, graphics, documents, audio), file names, descriptions, tags, metadata, folder structures, and organizational data.
  • Collaboration: invitations, team membership, comments, and approvals.

B. Information from Your Use of the Service

  • Device/technical: IP address, browser/user agent, session/authentication data required to keep you signed in securely.
  • Usage analytics: feature usage, search queries, and interaction patterns used to improve the Service.

C. Information from Integrated Services

  • Third-party integrations: with your authorization, we may obtain data from services you connect, including access tokens, identifiers, and related metadata.
  • Tokens & connection data: OAuth tokens/refresh tokens required to operate integrations.

4) How We Collect It

  • Directly from you when you create an account, upload media, or invite teammates.
  • From connected services via their official APIs, under the permissions you grant.
  • From our application via authentication, logging, and analytics necessary to provide the Service.
  • Cookies/local storage: essential auth/session cookies and local/session storage for sign-in state. We do not use cross-site behavioral advertising cookies.

5) How We Use Information

  • Provide and operate the Service (upload, organize, search, manage, and share media assets; manage workspaces and roles).
  • Account administration & support (teammate invites, status notifications, service messages).
  • Analytics & product improvement (understand feature adoption and performance to improve reliability and UX).
  • Security & abuse prevention (detect fraud/misuse, protect accounts).
  • Marketing communications (if you opt in or as permitted by law; you can unsubscribe at any time).
  • AI-assisted features (e.g., media tagging, search, and content analysis) as described below.

Legal bases (EU/UK): contract performance; legitimate interests (e.g., security, service analytics); consent where required (e.g., certain marketing/AI uses). You can withdraw consent at any time.

6) AI & Automated Decision-Making

  • Services used: AI model providers for media analysis, tagging, and search.
  • Inputs: content you submit for those features (e.g., media files, metadata).
  • Model training: We configure AI vendors so that customer content is not used to train their models unless clearly disclosed and consented.
  • Automations: AI-powered tagging, search indexing, and organizational suggestions do not produce legal or similarly significant effects. You may request human review.

7) Sharing & Processors

We share personal information with service providers that help us run the Service. They are bound by contracts to use data only on our instructions and to protect it.

Categories of providers: hosting & infrastructure, authentication & email delivery, AI & media processing, and payment processors.

We do not "sell" personal information and we do not "share" it for cross-context behavioral advertising as defined by the CPRA.

We may disclose information if required by law, to protect safety, or in connection with a corporate transaction (e.g., merger or acquisition).

8) International Transfers

We may process and store information in countries different from where you reside (e.g., the United States and other regions where our infrastructure or providers operate). When we transfer personal data from the EU/UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (and the UK Addendum). Where applicable, we also rely on the EU–US Data Privacy Framework (and UK Extension) for certified providers.

9) Security

  • Encryption in transit and at rest
  • Account security with role- and workspace-based access controls
  • Row-level/data-level access policies within our data layer
  • Audit logging and rate limiting appropriate to the Service
  • Restricted secrets/keys and least-privilege access for staff and systems

No system is 100% secure. If we learn of a breach affecting your information, we will notify you and regulators as required by law.

10) Retention

We keep personal information for as long as necessary to provide the Service and for legitimate business needs (e.g., security, analytics, compliance), then delete or de-identify it when no longer needed.

  • Account & workspace content: retained until you delete it or close the account.
  • Media files & metadata: retained until you delete them or close your account.
  • Integration connections/tokens: retained until you revoke or they expire.
  • Invitations: retained until they expire.
  • Usage analytics: may be retained in aggregated or de-identified form for product improvement, subject to your privacy rights and applicable law.

11) Your Privacy Choices & Rights

A. Global Choices

  • Marketing emails: unsubscribe via the link in any message.
  • Connected accounts: disconnect integrations at any time in the Service or via the third-party platform.

B. EU/UK (GDPR/UK GDPR)

You have the right to access, correct, delete, restrict, object, and port your personal data, and to withdraw consent where processing is based on consent.

C. California (CCPA/CPRA)

California residents have rights to know, correct, delete, and to opt-out of "sale" or "sharing" of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising. You may also limit the use/disclosure of sensitive personal information; we only use sensitive items (e.g., OAuth tokens) to provide the Service.

D. Canada (PIPEDA)

You have rights to access and correct personal information and to file complaints with the OPC.

How to exercise rights: email support@vysual.com. We may need to verify your identity. Until in-app export is available, we will fulfill access/export/deletion via a secure manual process.

12) Cookies & Local Storage

We use essential cookies and storage to: keep you signed in, maintain OAuth state/flow, and support core app functionality and security.

We do not use third-party cross-site advertising cookies. You can control cookies via your browser; however, essential cookies are required for the Service to function.

13) Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will take appropriate steps to remove it.

14) Controller/Processor Roles

For most workspace content and media you upload, your organization is the controller; Vysual acts as a processor to operate the features you request. For our own website operations, account management, security, and direct marketing, Vysual is the controller.

15) Changes to This Policy

We may update this policy to reflect changes to our practices or legal requirements. We will post the updated policy and change the Effective date above. If changes are material, we will provide additional notice (e.g., in-app banner or email) at least 7 days before they take effect.

16) Contact

Questions, requests, or complaints about this policy or your personal information:

support@vysual.com

CPRA "Notice at Collection" (Summary)

  • Categories collected: identifiers (name, email), online activity (technical data), user content (media files, metadata), professional information (workspace/team). Sensitive PI: authentication/OAuth tokens used only to provide the Service.
  • Purposes: service operation, media management features you request, security, internal analytics, communications.
  • Retention: media and account content retained until deleted; usage analytics may be aggregated; other categories as outlined in Section 10.
  • Sale/Share: No — we do not sell or share personal information for cross-context behavioral advertising.
  • Rights & contact: see Sections 11 and 16.

Last updated: February 25, 2026