PRIVACY POLICY – VIZMAKER
Installed application & website

This Privacy Policy (the “Policy”) explains how we process personal data and other information in connection with the use of the VizMaker desktop application installed on your computer (the “Application”) and the vizmaker.com website (the “Website”). This Policy fulfils the information obligations under Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).


§1. Data Controller and Contact


1. The controller of your personal data is VIZACADEMY Sp. z o.o., Rolna 23A, 33-395 Chełmiec, Poland, KRS: 0000725092, REGON: 369803210, NIP: 7343557295 (the “Controller”).
2. For privacy matters, support, and to exercise your rights, contact: support@vizmaker.com.

 

§2. Scope of the Policy


1. This Policy applies to:
1) the VizMaker Application installed on your computer, including login, uploading materials, and content generation features;
2) the vizmaker.com Website, including forms, the account panel, billing (if applicable), and cookies/related technologies.
2. If a separate notice is provided for a specific feature (e.g., a payment page), that notice prevails for that feature.


§3. Categories of Data We Process


Depending on how you use the Application and the Website, we may process:
1. Account and login data: e-mail address, account identifier, session/authentication data necessary to keep you signed in, and information about the login method (e-mail login or “continue with an external login provider”).
2. Content and materials you provide (various media): files and data you upload or enter to generate content (e.g., images, graphics, video, audio, documents, or other multimedia depending on available features), as well as textual descriptions (prompts), settings, and generation parameters.
3. Subscription/credits and billing data: subscription status, plan, credits balance, purchase history, transaction identifiers, and payment status information.
Note: payment card details are processed directly by the payment operator; as a rule, we do not receive full card data.
4. Support and correspondence: the content of your messages, requests, complaints, and any attachments you send voluntarily.
5. Technical and operational data: IP address, session identifiers, timestamps, basic device/system information, Application version, diagnostic events, error reports, and security logs to the extent necessary to operate and secure the service.
Please note: the materials you upload may contain personal data (e.g., image/voice or information included in the content). You decide what you submit.


§4. Login and Authentication


1. The Application allows you to log in:
– using an e-mail address; and/or
– using a “continue with an external login provider” option.
2. If you use external login, we receive from the login provider the data necessary to create and operate your account (typically your e-mail address and a user identifier in that provider’s system). The scope depends on your settings and the provider’s policies.


§5. Purposes of Processing and Legal Bases (GDPR)


We process personal data for the following purposes:
1. Providing the service and performing a contract (account creation and management, enabling use of the Application, fulfilling generation requests, delivering outputs, and accounting for credits) – Article 6(1)(b) GDPR.
2. Payments, subscriptions, and settlements (processing purchases of subscriptions/credits, refunds if applicable, and accounting/tax obligations) – Article 6(1)(b) and Article 6(1)(c) GDPR.
3. Security and proper operation (preventing abuse, incident prevention/response, maintenance, testing, diagnostics, and service improvement) – Article 6(1)(f) GDPR.
4. Handling correspondence, support, and complaints – Article 6(1)(f) GDPR, and where the contact is necessary for contract performance: Article 6(1)(b) GDPR.
5. Newsletter and e-mail communications:
1) After you provide your e-mail address (e.g., during registration or where clearly indicated), we may send e-mails including a newsletter.
2) Legal basis: Article 6(1)(a) GDPR (consent) and/or Article 6(1)(f) GDPR (legitimate interest in communicating with users, within legal limits) depending on the context and message content.
3) You can unsubscribe at any time using the unsubscribe link included in the messages.


§6. Sharing Content with External Technology Providers (including AI tools)


1. To perform content generation, we may transfer to external technology service providers the data necessary to execute your request, in particular:
– the media you upload as source material (various media types);
– text descriptions (prompts), settings, and generation parameters.
2. As a rule, we do not transfer your account data that directly identifies you (e.g., name and surname), unless it is necessary to provide the service.
3. We apply data minimization: we share only what is required to complete the requested operation.


§7. Recipients of Data (Categories)


Your data may be disclosed to the following categories of recipients:
1. IT infrastructure, hosting, and system maintenance providers;
2. login/authentication service providers (if you choose external login);
3. technology service providers used to generate content (as described in §6);
4. Stripe – as the payment processor for subscriptions and credits;
5. accounting/settlement providers where necessary;
6. legal advisors and auditors where required;
7. public authorities where disclosure is required by law.


§8. Transfers Outside the EEA


1. Due to the use of global technology services, your data may be processed outside the European Economic Area (EEA).
2. Where such transfers occur, we use GDPR-required safeguards, in particular Standard Contractual Clauses or other appropriate mechanisms.


§9. Data Retention


1. We retain data for as long as necessary to achieve the purposes described in this Policy, including:
– account data: for the duration of your account and afterwards for the time needed to establish, exercise, or defend claims;
– billing and accounting data: for the period required by law;
– correspondence: for the time needed to handle the matter and for claim limitation periods;
– technical and security data: for a period justified by security and service stability needs.
2. Media and prompts provided for generation are generally stored only for as long as needed to provide the service, handle complaints, or investigate incidents, unless a longer retention is required by law or justified by the Controller’s legitimate interest (e.g., abuse prevention), or you validly request deletion where no exception applies.


§10. Security and Encryption


1. We apply technical and organizational measures appropriate to the risks, including access controls, least-privilege principles, and security procedures.
2. Encryption in transit: communication between the Application/Website and our systems uses encrypted connections (e.g., HTTPS/TLS).
3. Protection at rest: data stored in our systems is protected using security mechanisms of the cloud environment, including encryption at rest and access controls.
4. Privacy by design and minimization: we aim to limit the scope of processed and stored data to what is necessary for providing and securing the service.


§11. No Use of Your Data for Model Training


We do not use your prompts, uploaded media, or generated outputs to train or improve AI models. Your data is used solely to fulfil your requested generation and to operate and secure the service.


§12. Your Rights


Subject to applicable law, you have the right to: access, rectification, erasure, restriction of processing, data portability, and to object to processing based on Article 6(1)(f) GDPR.
Where processing is based on consent, you may withdraw consent at any time.
You also have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (Poland).
To exercise your rights, contact: support@vizmaker.com. We may request information necessary to verify your identity.


§13. Children


The service is not directed to individuals under 16 years of age. If we learn we have processed a child’s data without appropriate authorization, we will take steps to delete it.


§14. Changes to the Policy


We may update this Policy, especially due to legal or organizational changes. The current version is published on the Website.

COOKIE POLICY – vizmaker.com


§15. General Information


1. The vizmaker.com Website (the “Website”) automatically collects information contained in cookies.
2. Cookies are IT data, in particular text files, stored on the end device of the user and intended for using the Website. Cookies usually contain the domain name they originate from, their storage time on the end device, and a unique identifier.


§16. Purposes of Using Cookies


1. Cookies are used to:
a) tailor the Website content to user preferences and optimize the use of the Website;
b) create statistics that help understand how users use the Website, which enables improving its structure and content;
c) maintain a user session (after login), so the user does not have to re-enter login and password on each subpage;
d) ensure security, including detecting abuse and unauthorized access attempts;
e) (if applicable) deliver marketing/advertising content better tailored to user interests – only according to granted consents.


§17. Types of Cookies


1. The Website uses two main types of cookies:
– session cookies – temporary files stored on the user’s device until logout, leaving the Website, or closing the browser;
– persistent cookies – stored for the time specified in cookie parameters or until deleted by the user.
2. By purpose, the Website may use the following categories of cookies:
a) necessary cookies;
b) security cookies;
c) performance/analytics cookies;
d) functional cookies;
e) advertising/marketing cookies.


§18. Managing Cookies


1. Web browsing software (a browser) usually allows cookies to be stored on the user’s end device by default.
2. You can change cookie settings at any time, in particular to block automatic cookie handling, limit cookies, enable notifications, or delete stored cookies.
3. Detailed information on cookie management is available in your browser settings and its Help section.
4. Restricting cookies may affect some Website functionalities.


§19. Third-Party Cookies


Cookies placed on the user’s device may also be used by third-party partners cooperating with the Controller (e.g., analytics, marketing, or security providers), depending on the implemented solutions and granted consents.


§20. Changes to the Cookie Policy


The Cookie Policy may be updated. The current version is published on the Website.