Privacy Policy
How we collect, use and protect your personal data
1. Introduction
Vizaye ("we", "us", "our") is committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, store, share and protect information about you when you use our platform, website and services.
This policy applies to all visitors to vizaye.com, all registered users of the Vizaye platform, businesses using Vizaye's catalog hosting and WhatsApp assistant services, and visitors to our customers' Vizaye-powered catalog pages.
Vizaye is the data controller for personal data collected directly through our website and platform. For data processed on behalf of our business customers through their Vizaye catalog or WhatsApp assistant, Vizaye acts as a data processor and the customer is the data controller.
We process data in compliance with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDPA), and applicable data protection laws in the regions where we operate.
2. Data We Collect
2.1 Data you provide directly
- Account registration: name, email address, phone number, business name and type
- Catalog upload: product information, pricing, images and descriptions you add to your catalog
- Contact forms: name, email, phone, business type and message content
- WhatsApp interactions: conversations between your customers and your Vizaye AI assistant
- Payment information: processed securely by our payment provider; Vizaye does not store full card details
2.2 Data collected automatically
- Usage data: pages visited, features used, time spent, click patterns
- Device information: browser type and version, operating system, screen resolution
- IP address and approximate location (country/city level)
- Cookies and similar tracking technologies (see Section 9)
- QR code scan events: product scanned, time, approximate location at city level
2.3 Data from third parties
- WhatsApp Business API: message metadata provided by Meta for your assistant interactions
- Google Analytics: aggregated usage analytics (if enabled)
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the Vizaye platform and services | Account data, catalog data, usage data | Contract performance |
| Operating your WhatsApp AI assistant | WhatsApp message content, catalog data | Contract performance / Legitimate interest |
| Processing catalog uploads and QR code generation | Product data, images | Contract performance |
| Customer support and communications | Name, email, message content | Contract performance / Legitimate interest |
| Sending product updates and early access communications | Email address, name | Consent / Legitimate interest |
| Improving our platform and services | Usage data, aggregated analytics | Legitimate interest |
| Fraud prevention and security | IP address, usage patterns | Legitimate interest / Legal obligation |
| Legal compliance | As required by applicable law | Legal obligation |
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we rely on the following legal bases under GDPR Article 6:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Vizaye platform and services you have signed up for.
- Legitimate interests (Art. 6(1)(f)): Improving our services, preventing fraud, ensuring security, and communicating with you about relevant features.
- Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Where processing is required to comply with applicable law.
You have the right to object to processing based on legitimate interests. Please contact us at privacy@vizaye.com to exercise this right.
5. Data Sharing
We do not sell your personal data to third parties. We share data only in the following circumstances:
5.1 Service providers (data processors)
- Cloud infrastructure: Amazon Web Services (AWS) — data hosting and storage
- Communication: Meta (WhatsApp Business API) — AI assistant message delivery
- Analytics: Google Analytics — aggregated usage statistics
- Email: SendGrid / Postmark — transactional and marketing emails
- Payments: Stripe / Razorpay — payment processing (they do not share card data with us)
5.2 Business customers
When you interact with a Vizaye-powered catalog or WhatsApp assistant operated by one of our business customers, that customer receives your enquiry details and conversation summary.
5.3 Legal requirements
We may disclose your data if required by law, court order, or to protect the rights, property or safety of Vizaye, our customers or the public.
5.4 Business transfers
In the event of a merger, acquisition or sale of all or part of Vizaye, your data may be transferred to the acquiring entity. We will notify you via email before your data is transferred.
6. International Data Transfers
Vizaye operates globally. Your data may be transferred to and processed in countries outside your country of residence, including India, the United States, and the European Economic Area.
For transfers from the EEA or UK to third countries, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where the destination country has been recognised as providing adequate protection
- Binding Corporate Rules where applicable
For Indian users, we comply with the Digital Personal Data Protection Act 2023 (DPDPA) and will process cross-border transfers in accordance with any framework notified by the Indian government under that Act.
7. Data Retention
| Data type | Retention period | Reason |
|---|---|---|
| Account data | Duration of account + 2 years | Contract performance, legal compliance |
| Catalog and product data | Duration of subscription + 1 year | Service delivery |
| WhatsApp conversation logs | 12 months from conversation date | Service improvement, dispute resolution |
| Contact form submissions | 24 months | Legitimate interest |
| Usage and analytics data | 24 months (aggregated indefinitely) | Service improvement |
| Payment records | 7 years | Legal and tax obligation |
| Backup copies | 90 days rolling | Business continuity |
8. Your Rights
| Right | Description | Applies under |
|---|---|---|
| Access | Obtain a copy of the personal data we hold about you | GDPR, DPDPA, UK GDPR |
| Rectification | Correct inaccurate or incomplete personal data | GDPR, DPDPA, UK GDPR |
| Erasure | Request deletion of your personal data, subject to legal retention requirements | GDPR, DPDPA, UK GDPR |
| Restriction | Restrict processing of your data in certain circumstances | GDPR, UK GDPR |
| Data portability | Receive your data in a structured, machine-readable format | GDPR, UK GDPR |
| Object | Object to processing based on legitimate interests or for direct marketing | GDPR, UK GDPR |
| Withdraw consent | Withdraw consent at any time where processing is based on consent | GDPR, DPDPA, UK GDPR |
To exercise any of these rights, email privacy@vizaye.com with your name, email address and the right you wish to exercise. We will respond within 30 days.
9. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our platform. A full cookie policy is available at vizaye.com/cookies.
| Cookie type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Authentication, security, platform operation | Session to 1 year |
| Functional | Remember preferences, language, display settings | Up to 1 year |
| Analytics | Understand usage patterns to improve our platform (Google Analytics) | Up to 2 years |
| Marketing | Measure effectiveness of our marketing (only with consent) | Up to 1 year |
10. Data Security
Vizaye implements industry-standard security measures to protect your personal data against unauthorised access, disclosure, alteration or destruction.
Our security measures include:
- Encryption of data in transit using TLS 1.3 or higher
- Encryption of data at rest using AES-256
- Access controls with multi-factor authentication for all staff access to production systems
- Regular security audits and penetration testing
- Principle of least privilege for all internal data access
- Incident response procedures with notification timelines meeting GDPR Article 33 requirements
11. Children's Privacy
Vizaye's platform is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us at privacy@vizaye.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will update the "Last updated" date, send an email notification to registered account holders, and display a prominent notice on our platform for 30 days.
13. Contact & Data Protection Officer
| Channel | Details |
|---|---|
| Email (privacy) | privacy@vizaye.com |
| Email (security incidents) | security@vizaye.com |
| General enquiries | hello@vizaye.com |
| Mailing address | Vizaye, India |
We aim to respond to all privacy-related enquiries within 5 business days and to complete subject access requests within 30 calendar days.