Legal
Last updated: May 8, 2026
VidiVeni is built around one idea: travel is for everyone. So is privacy. We've written this policy in plain English so you actually know what's going on — not just what satisfies a checkbox.
VidiVeni is the data controller for all data processed through the platform. If you have questions about your data or want to exercise your rights, reach us at privacy@vidiveni.app — a human reads and replies.
You've received a guide link from someone — a travel agency, a hotel, a friend. You don't need an account to open it. When you do, our server logs the request the same way every web server does: a timestamp and your browser type. That's it. We can't identify you from this and we don't try to.
If you install the guide as a PWA, we log that install event so the person who created the guide knows it was used. Still no name, no email, no location.
We store your email address, username, country, and organization so you can log in and manage your guides. We also record which guides you've created and your dashboard activity — that's how the service works. Nothing more.
If you choose to sign in via Google or Microsoft, we request only the minimal OAuth scopes needed: email and basic profile (display name). We do not request access to your calendar, contacts, Drive, or any other data. The email address returned is stored as your account identifier; the display name is stored so your dashboard can greet you by name. We never receive your Google or Microsoft password.
You can unlink a social provider or delete your account entirely from your profile settings at any time — this removes all stored OAuth tokens from our systems.
To understand how features are adopted and improve the product, we load Pendo by default on the basis of legitimate interest. Pendo receives a pseudonymous UUID (a random identifier — never your email or name), your role (e.g. "user"), and your account tier. It is never used for advertising and is never shared with ad networks. You can opt out anytime via the "Cookie settings" link in the footer — opting out stops Pendo and clears its session for the rest of your visit and on future visits.
Travelers who open a guide without an account are tracked with a separate anonymous UUID stored only in their browser's localStorage, and the same opt-out applies.
Pendo acts as a data processor under a Data Processing Agreement with Standard Contractual Clauses (SCCs) in place for international transfers.
We send transactional emails (account verification, password reset, invite notifications) regardless of marketing preferences — these are necessary to operate the service. Separately, you may opt in to occasional product news at signup or from your profile settings. This checkbox is not pre-ticked, and you can withdraw consent at any time from your profile or by following the unsubscribe link in any marketing email.
To run the service. To log you in, show you your guides, deliver those guides to travelers, and keep the platform secure. That's the whole list.
We may use aggregated, anonymized statistics to understand which features are actually useful. This never involves identifying individual users.
We don't sell your data to anyone, ever.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| cga_consent | Stores your cookie preferences | Necessary | 1 year |
| cga_token | Keeps you logged in (JWT) | Necessary | Session |
| _pendo_* | Pendo product analytics (pseudonymous visitor ID, no PII) | Analytics | Session / 1 year |
If you're in the EU or EEA, you have the right to:
Email privacy@vidiveni.app to exercise any of these. We'll respond within 30 days.
We use HTTPS everywhere, bcrypt for passwords, JWT for sessions, and restrict access to production systems. We're a small team and we take this seriously.
Guide generation may send trip parameters (not personal data) to Anthropic (US) or Google (US). Both are covered by Standard Contractual Clauses as required under GDPR.
VidiVeni is not designed for children under 16. We don't knowingly collect data from them. If you believe a child has provided us with personal data, contact privacy@vidiveni.app and we'll delete it promptly.
When we make material changes, registered users will hear about it by email or through a dashboard notification before the change takes effect.
privacy@vidiveni.app — we're happy to talk through anything in here.