1. Introduction
ViViD App Studio is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use ViViDly, including the web application, Chrome extension, and admin dashboard.
By using our Service, you agree to the collection and use of information as described in this policy.
2. Information We Collect
Information You Provide:
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Registration | Authentication, account management |
| Display name | Registration / Profile | Personalization |
| Profile photo | Profile edit | Account display |
| Chat messages / prompts | Each chat session | AI response generation |
| Uploaded images | Image upload | Vision AI analysis |
| Payment info | Subscription purchase | Billing (via Razorpay only) |
Automatically Collected:
| Data | Purpose |
|---|---|
| Firebase UID | Unique user identification |
| Last active timestamp | Session management |
| Message count | Subscription limit enforcement |
| Subscription plan & expiry | Plan enforcement |
| Device/browser type (anonymized) | Service optimization |
| IP address (transient) | Rate limiting, fraud prevention |
3. How We Use Your Information
| Use Case | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Performance of contract |
| Authenticate and secure your account | Legitimate interest / contract |
| Generate AI responses (sending prompts to Gemini) | Performance of contract |
| Enforce subscription message limits | Contract |
| Detect and prevent fraud, abuse, spam | Legitimate interest |
| Process payments | Legal obligation / contract |
| Improve service quality (anonymized analytics) | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. Data Sharing & Disclosure
We share data with these service providers:
| Provider | Data Shared | Purpose |
|---|---|---|
| Google (Gemini API) | Your prompts / images | Generate AI responses |
| Google Firebase | Auth tokens, Firestore user data | Auth & database |
| Google Analytics | Anonymized usage data | Service analytics |
| Razorpay | Payment amount, billing details | Subscription billing |
| Render.com | API requests (no personal data) | Backend hosting |
We may also disclose data to comply with legal obligations, court orders, or to protect the safety of our users or the public.
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (email, name, photo) | Until deletion + 30 days |
| Subscription records | 7 years (tax/legal obligation) |
| Chat history (localStorage) | Until you clear browser data |
| Extension chrome.storage data | Until extension removal |
| Server logs (Render) | 30 days rolling |
6. Your Rights
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Correction | Correct inaccurate data (in-app or email us) |
| Deletion | Request deletion of your account and data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent at any time |
Exercise your rights by emailing legal@vividappstudio.com. We respond within 30 days.
7. Children's Privacy
ViViDly is not intended for children under 13 (or 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided data, contact us immediately at legal@vividappstudio.com and we will delete it promptly.
8. Security
- All data in transit encrypted via HTTPS/TLS 1.2+
- Firebase Auth manages password security (bcrypt hashing)
- API keys stored as environment variables — never in frontend code
- Admin dashboard protected by Firebase Auth with role verification
- Chrome Extension uses backend proxy — no API keys in extension code
Despite these measures, no method of transmission is 100% secure. We cannot guarantee absolute security.
🔒 Data Protection Inquiries
Email: legal@vividappstudio.com
Response time: 30 days for verified data requests