Privacy Policy
01Introduction and Scope
Vyzz, Inc. ("Vyzz," "we," "us," or "our") operates the AI Visibility & GEO Optimization platform accessible at vyzz.io (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our Service, visit our websites, or otherwise interact with us.
This Policy applies to all users of the Service, including individual account holders, authorized users within organizational accounts, and visitors to our public-facing web properties. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Service immediately.
We are committed to protecting your privacy and handling your data in an open and transparent manner. This Policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy legislation in the jurisdictions where we operate.
02Definitions
To ensure clarity throughout this Privacy Policy, the following terms carry specific meanings when used in this document:
- "Service" refers to the Vyzz AI Visibility & GEO Optimization platform, including the web application at vyzz.io, all associated APIs, dashboards, reports, and related tools provided by Vyzz, Inc.
- "Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a natural person or household. This includes, but is not limited to, names, email addresses, IP addresses, and device identifiers.
- "Usage Data" refers to data collected automatically through the operation of the Service, including but not limited to pages visited, features used, time spent on pages, click paths, browser type, operating system, and referral URLs.
- "AI Platform Data" means data generated through our analysis of third-party artificial intelligence platforms (such as ChatGPT, Google Gemini, Claude, Perplexity, Microsoft Copilot, and Grok), including visibility scores, citation frequency, sentiment analysis, competitor benchmarking data, and prompt-response analysis results.
Where this Policy refers to "you" or "your," it means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
03Categories of Personal Data
We collect personal data through several channels and categorize it as follows. The specific data points collected depend on how you interact with the Service and the features you use.
Data You Provide Directly
- Account information: Full name, email address, and password (managed by our authentication provider, Clerk)
- Organization details: Company name, business domain, industry vertical, and geographic region
- Payment information: Billing name, billing address, and payment card details (processed and stored exclusively by Stripe; Vyzz does not store raw payment card numbers)
- Communications: Messages, feedback, or inquiries you submit through our support channels
Data Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences
- Usage information: Pages viewed, features accessed, actions taken within the dashboard, session duration, and interaction patterns
- Cookies and similar technologies: Authentication tokens, session identifiers, and functional preference cookies (detailed in Section 11)
AI-Specific Data
- Visibility scores: Numerical assessments of your brand's presence across major AI platforms
- Competitor data: Comparative rankings and benchmarks against identified competitors in your industry
- Prompt analysis results: Aggregated data from queries submitted to third-party AI platforms on your behalf, including citation frequency, recommendation sentiment, and positioning analysis
04Purposes and Legal Bases
We process your personal data for the following purposes. Where GDPR applies, we have identified the corresponding legal basis for each processing activity.
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service, including generating visibility reports and competitor analysis | Performance of contract |
| Processing payments and managing subscriptions via Stripe | Performance of contract |
| Analyzing usage patterns to improve Service features and user experience | Legitimate interest |
| Protecting the security and integrity of the Service, detecting fraud and preventing abuse | Legitimate interest |
| Sending transactional communications (account confirmations, billing notices, results notifications) | Performance of contract |
| Complying with legal obligations, including tax reporting and responding to lawful requests from public authorities | Legal obligation |
Where we rely on legitimate interest as the legal basis, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us at hello@vyzz.io.
05AI Training Disclosures
Vyzz does not use customer data to train artificial intelligence models. We do not feed your account information, organization details, visibility scores, or any other personal data into machine learning training pipelines. Your data is used exclusively to deliver the Service as described in this Policy.
Our Service generates visibility scores and competitive analyses by querying third-party AI platforms (including OpenAI's ChatGPT, Google Gemini, Anthropic's Claude, Perplexity, Microsoft Copilot, and xAI's Grok) with industry-relevant prompts. These queries are designed to assess how each platform references, recommends, or describes your brand and your competitors. The prompts submitted to these third-party platforms do not contain your personal data; they consist of industry-specific and brand-relevant questions.
The responses we receive from these third-party AI platforms are processed and aggregated by Vyzz to generate your visibility scores, citation analysis, and competitive benchmarks. We do not control how third-party AI platforms process the prompts we submit to them, and we encourage you to review the privacy policies of these platforms independently. Vyzz is not responsible for the data practices of third-party AI platforms.
06Disclosure of Personal Data
We share your personal data only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal data to any third party for their marketing or advertising purposes.
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication and user management | Name, email, profile image, session data |
| Stripe | Payment processing and subscription management | Billing name, email, payment method, transaction history |
| Supabase | Database hosting and data storage | All account and organization data, visibility results |
| Vercel | Application hosting and content delivery | IP address, request logs, performance metrics |
Each service provider is contractually obligated to process your data only for the purposes specified above and in accordance with applicable data protection laws. We may also disclose your personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Vyzz, our users, or the public.
07International Data Transfers
Your personal data is processed and stored primarily in the United States through our infrastructure providers, Vercel and Supabase. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which may have data protection laws that differ from those in your jurisdiction.
For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on appropriate legal mechanisms to facilitate international data transfers. These include Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated into our data processing agreements with our sub-processors. Where applicable, we also rely on adequacy decisions and supplementary measures as recommended by relevant supervisory authorities.
By using the Service, you acknowledge and consent to the processing and transfer of your information to the United States and other jurisdictions where our service providers operate. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
08Data Security Measures
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your personal data. While no method of transmission over the Internet or method of electronic storage is completely secure, we strive to use commercially acceptable means to protect your data.
- Encryption in transit: All data transmitted between your browser and our Service is encrypted using TLS (Transport Layer Security) with modern cipher suites. We enforce HTTPS across all endpoints.
- Authentication security: User authentication is managed by Clerk, which provides enterprise-grade session management, optional multi-factor authentication (MFA), and protection against common attack vectors including credential stuffing and brute force attempts.
- Payment security: All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. Vyzz never receives, processes, or stores raw payment card numbers. Card data is tokenized by Stripe before any interaction with our systems.
- Access controls: We implement role-based access controls to limit access to personal data to those employees, contractors, and agents who need it to perform their duties. All access is logged and subject to periodic review.
- Infrastructure security: Our application is hosted on Vercel with automatic security patching and DDoS protection. Our database is hosted on Supabase with encryption at rest and automated backups.
We regularly review and update our security practices to address evolving threats. In the event of a data breach that affects your personal data, we will notify you and relevant supervisory authorities as required by applicable law.
09Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. When we no longer need your personal data, we securely delete or anonymize it.
| Data Category | Retention Period |
|---|---|
| Account and organization data | Duration of active service plus 30 days after account closure |
| Payment and billing records | 7 years (required for tax and financial compliance) |
| Visibility results and analysis data | Duration of active service (deleted upon account closure and grace period) |
| Server and usage logs | 90 days (rolling deletion) |
If you request deletion of your account, we will remove or anonymize your personal data within the timeframes specified above, subject to any legal obligations that require us to retain certain records. We may retain anonymized, aggregated data indefinitely for statistical and analytical purposes, as such data cannot be used to identify you.
10Data Subject Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. We are committed to honoring these rights and have established processes to facilitate their exercise.
Rights under GDPR (EEA, UK, Switzerland)
- Right of access: You may request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to rectification: You may request correction of inaccurate or incomplete personal data.
- Right to erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to data portability: You may request a machine-readable copy of personal data you have provided to us.
- Right to restriction: You may request that we restrict processing of your personal data in certain circumstances.
- Right to object: You may object to processing based on legitimate interest at any time.
Rights under CCPA (California residents)
- Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of personal information we have collected from you.
- Right to opt-out: You have the right to opt-out of the sale of personal information. Vyzz does not sell personal information, so this right is satisfied by default.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise any of these rights, please contact us at hello@vyzz.io. We will respond to your request within 30 days. We may request additional information to verify your identity before fulfilling your request. If we are unable to comply with your request, we will provide you with a written explanation of the reasons.
11Cookies and Tracking
We use cookies and similar tracking technologies to operate and improve the Service. A cookie is a small data file placed on your device when you visit a website. We categorize the cookies we use as follows:
| Category | Purpose | Can Be Disabled |
|---|---|---|
| Essential | Clerk authentication session tokens required for the Service to function. These cookies maintain your logged-in state and secure your account. | No |
| Functional | Store your preferences such as dashboard layout settings, timezone, and notification preferences. | Yes |
| Analytics | Collect anonymous usage data to help us understand how the Service is used and identify areas for improvement. No personally identifiable information is collected. | Yes |
We do not use advertising or third-party marketing cookies. We do not participate in cross-site tracking networks or serve targeted advertisements. You can control cookies through your browser settings, though disabling essential cookies will prevent you from using the Service.
12Children's Privacy
The Service is designed for business professionals and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at hello@vyzz.io.
If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take immediate steps to delete that information from our servers. If you believe we might have any information from or about a child under 16, please contact us immediately.
13Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes that significantly affect how we collect, use, or share your personal data, we will provide you with prominent notice at least 30 days in advance of the change taking effect. This notice will be delivered via the email address associated with your account. We may also display a notice within the Service itself.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue use of the Service and contact us to request deletion of your account.
14Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We aim to respond to all inquiries within 30 calendar days.
Vyzz, Inc.
Email: hello@vyzz.io
If you are located in the EEA and believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach the supervisory authority, and we encourage you to contact us first.