Legal

Privacy & Cookie Policy

Last updated: April 14, 2026

1. Introduction

VidiVeni ("we", "us", "our") respects your privacy. This policy explains what data we collect, why, how we use it, and your rights. It applies to all users of our platform: Clients (registered businesses) and End Users (travelers who receive guides).

2. Data Controller

VidiVeni is the data controller. For questions about your data, contact us at privacy@vidiveni.app.

3. What Data We Collect

3.1 Client Data (registered users)

  • Account information: username, email address, hashed password, country, organization
  • Usage data: guides created, generation requests, dashboard activity
  • Technical data: IP address, browser type, device info (from server logs)

3.2 End User Data (travelers)

  • Guide access: when a guide link is opened (timestamp, user agent)
  • PWA install events: if and when the guide is installed as a PWA
  • We do not collect names, email addresses, or location data from End Users
  • End Users do not need to create an account or sign in

3.3 Data we do NOT collect

  • Payment card details (handled by our payment processor)
  • Precise geolocation of End Users
  • Browsing history outside of our platform

4. How We Use Your Data

  • Provide and maintain the Service
  • Authenticate Client accounts
  • Deliver guides to End Users via secure links
  • Monitor platform usage and enforce fair use limits
  • Improve the Service (aggregated, anonymized analytics)
  • Communicate with Clients about their account and Service updates

5. Legal Basis for Processing (GDPR)

  • Contract: processing necessary to provide the Service to registered Clients
  • Legitimate interest: security monitoring, fraud prevention, service improvement
  • Consent: analytics cookies (see Section 8)

6. Data Sharing

We do not sell your data. We share data only with:

  • AI providers (Anthropic, Google) — guide content generation requests (destination and trip parameters only; no personal data)
  • Hosting provider — server infrastructure
  • Analytics (Vercel Analytics) — anonymized, aggregated page view data
  • Payment processor — billing data for paid plans (when applicable)

7. Data Retention

  • Client accounts: retained while the account is active; deleted 30 days after account closure
  • Guide data: retained while the guide exists; soft-deleted when revoked, hard-deleted after 90 days
  • Server logs: retained for 90 days, then automatically purged
  • End User access logs: retained for 90 days

8. Cookies

8.1 What cookies we use

CookiePurposeTypeDuration
cga_consentStores your cookie preferencesNecessary1 year
cga_tokenAuthentication session (JWT)NecessarySession
va_*Vercel Analytics (anonymized page views)AnalyticsSession

8.2 Cookie categories

  • Necessary: required for the Service to function. Cannot be disabled.
  • Analytics: help us understand how the platform is used. Opt-in only — disabled by default.

8.3 Managing cookies

You can manage your cookie preferences at any time via the "Cookie settings" link in the footer. You can also delete cookies through your browser settings.

9. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — for consent-based processing (e.g. analytics cookies)

To exercise any of these rights, contact privacy@vidiveni.app. We will respond within 30 days.

10. Data Security

We use industry-standard measures to protect your data: encrypted connections (HTTPS), hashed passwords (bcrypt), token-based authentication (JWT), and restricted access to production systems.

11. International Transfers

AI generation requests may be processed by providers outside the EU (Anthropic — US, Google — US). These transfers are covered by the providers' Standard Contractual Clauses and data processing agreements.

12. Children

The Service is not directed at children under 16. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to registered Clients via email or dashboard notification.

14. Contact

For privacy-related questions or to exercise your data rights:
privacy@vidiveni.app