Privacy Policy

Last updated: May 3, 2026

This Privacy Policy explains how Tetiana Zhydkova, Individual Entrepreneur ("Visuan", "we", "us", or "our") collects, uses, and protects your personal data when you use the Visuan service available at visuan.ai (the "Service").

We are the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR) and applicable Ukrainian data protection law.

1. Information We Collect

We collect the following categories of personal data:

Account information: When you create an account, we collect your name, email address, and password (managed by our authentication provider, Clerk). If you provide it, we also collect your company name.

Payment information: Payments are processed by Paddle, our Merchant of Record. We do not store your full payment card details. We only receive limited information needed for our records, such as the last four digits of your card, billing country, and transaction status.

Content data: When you use the Service, you may submit URLs of blog articles, text content, and other inputs. We process this content and store the resulting generated images and metadata associated with your account.

Usage data: We collect information about how you interact with the Service, including pages visited, features used, time spent, IP address, browser type, device information, and approximate location based on IP.

Cookies and tracking: We use cookies and similar technologies for essential functions (such as keeping you logged in) and for analytics. See Section 7 for details.

Communications: If you contact us by email or through forms on the Service, we collect the content of those communications.

2. How We Use Your Data

We use your data for the following purposes:

Providing the Service: Processing your inputs, generating Output Content, managing your account, providing customer support. Legal basis: performance of a contract.

Billing and payments: Processing subscription payments, sending invoices, preventing fraud. Legal basis: performance of a contract and legal obligation.

Improving the Service: Analyzing usage patterns to identify bugs and improve features. Legal basis: legitimate interest.

Communications: Sending service-related emails (account notifications, billing, security alerts) and, with your consent, marketing emails about new features. Legal basis: performance of a contract for service emails; consent for marketing emails.

Legal compliance: Complying with applicable laws, responding to legal requests, enforcing our Terms. Legal basis: legal obligation and legitimate interest.

We do not sell your personal data to third parties.

3. Data Sharing and Third-Party Processors

We share your data with the following categories of third-party processors who help us operate the Service. Each processor is bound by data protection agreements and processes your data only on our instructions.

Authentication: Clerk Inc. (USA) — manages user sign-up, login, and account credentials.

Database and storage: Supabase Inc. (USA) — stores account data, content metadata, and generated images.

Hosting: Vercel Inc. (USA) — hosts the Service infrastructure.

Payment processing: Paddle.com Market Limited (UK) — processes all payments as our Merchant of Record. Paddle has its own privacy policy available at paddle.com/legal/privacy.

AI processing: OpenAI, L.L.C. (USA) and Anthropic, PBC (USA) — process input text to generate Output Content. We send only the necessary content for generation; we do not share your account credentials or payment information with these providers.

Email delivery: Mailchimp (USA) — sends transactional and marketing emails (where you have consented).

Analytics: Google Analytics (USA) — provides aggregated usage analytics. IP addresses are anonymized.

Some of these providers are located outside the European Economic Area (EEA), primarily in the United States. We rely on Standard Contractual Clauses approved by the European Commission and other appropriate safeguards to ensure your data is protected when transferred internationally.

4. Data Retention

We retain your personal data for as long as your account is active. After you cancel your account, we retain your data for 30 days to allow recovery in case of accidental cancellation, after which it is permanently deleted from our systems.

We may retain certain data longer if required by law (such as billing records, which we keep for the period required by Ukrainian tax law) or to defend against legal claims.

Backups are typically retained for up to 90 days and are then automatically overwritten.

5. Your Rights

If you are located in the European Economic Area, the United Kingdom, or California, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request that we restrict processing of your data in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interest, including direct marketing
• Withdraw consent: Where processing is based on consent, withdraw your consent at any time

For California residents, you also have the right under the California Consumer Privacy Act (CCPA) to know what personal information we collect, to request deletion, and to opt out of the sale of personal information (we do not sell your data).

To exercise any of these rights, email us at hello@visuan.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Ukraine, this is the Ombudsman of the Verkhovna Rada of Ukraine for Human Rights. In the EU, you may contact the data protection authority of your country of residence.

6. Security

We implement reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (HTTPS) and at rest
• Access controls and authentication for our systems
• Regular security reviews of our infrastructure
• Use of reputable third-party processors with strong security practices

No method of transmission or storage is 100% secure. While we work to protect your data, we cannot guarantee absolute security. If we become aware of a personal data breach affecting your data, we will notify you and the relevant data protection authority as required by law.

7. Cookies

We use cookies and similar technologies for the following purposes:

Essential cookies: Required for the Service to function (such as session cookies that keep you logged in). These cannot be disabled.

Analytics cookies: Help us understand how the Service is used. We use Google Analytics for this purpose, with IP anonymization enabled.

Marketing cookies: Used only with your consent, where applicable.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at hello@visuan.ai and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect.

The "Last updated" date at the top of this Policy indicates when it was last revised.

10. Contact

For privacy questions, requests, or complaints, please contact:

Tetiana Zhydkova, Individual Entrepreneur
Lvivska 61b, Lutsk, 43018, Ukraine
Email: hello@visuan.ai

This Privacy Policy is effective as of May 3, 2026.