Privacy Policy

1. INTRODUCTION

VIVID VERSE GLOBAL ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Pixel Prism platform and related services (collectively, the "Service").

This Privacy Policy applies to all users of our Service and should be read in conjunction with our Terms of Service. By using our Service, you consent to the collection and use of your information as described in this Privacy Policy.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and UK Data Protection Act 2018.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, business name, phone number, billing address
• Authentication Data: Login credentials, security questions, two-factor authentication settings
• Profile Information: Business description, industry, marketing preferences, profile photos
• Content: Product images, descriptions, marketing materials, AI prompts, generated content
• Communications: Support requests, feedback, survey responses, messages to our team
• Payment Information: Billing details processed through our payment processor (Stripe)
• Marketing Preferences: Subscription choices, communication preferences, opt-in/opt-out selections

2.2 Information Collected Automatically

We automatically collect certain information when you use our Service:

• Usage Data: Features used, time spent, click patterns, navigation paths, session duration
• Device Information: IP address, browser type, operating system, device type, screen resolution
• Technical Data: Error logs, performance metrics, API calls, system diagnostics
• Location Data: General geographic location based on IP address (city/region level)
• Cookies and Tracking: Session identifiers, preference settings, analytics data
• AI Interaction Data: Prompts, generated outputs, model usage patterns, quality ratings

2.3 Information from Third Parties

We may receive information from third-party sources:

• Authentication Providers: Information from Clerk, Google, or other identity providers
• Payment Processors: Transaction data, billing status, payment method information from Stripe
• Social Media Platforms: Profile information if you connect social accounts
• Analytics Services: Website usage data from analytics providers
• Marketing Partners: Lead information, referral data, campaign performance metrics

3. HOW WE USE YOUR INFORMATION

3.1 Service Provision

• Creating and managing your account and subscription
• Processing AI generation requests and providing personalized results
• Storing and organizing your content and product profiles
• Facilitating payment processing and billing
• Providing customer support and technical assistance
• Delivering requested features and functionality

3.2 Service Improvement and Development

• Training and improving our AI models and algorithms
• Analyzing usage patterns to enhance user experience
• Developing new features and services
• Conducting research and development activities
• Testing and quality assurance
• Performance optimization and bug fixes

3.3 Communication and Marketing

• Sending service-related notifications and updates
• Providing customer support and responding to inquiries
• Sending marketing communications (with your consent)
• Conducting surveys and collecting feedback
• Announcing new features, updates, and promotional offers

3.4 Security and Compliance

• Detecting and preventing fraud, abuse, and security threats
• Ensuring compliance with legal obligations and regulations
• Protecting our rights and the rights of our users
• Maintaining audit trails and system integrity
• Responding to legal requests and law enforcement

3.5 Analytics and Business Intelligence

• Analyzing user behavior and Service performance
• Generating business insights and reporting
• Measuring marketing campaign effectiveness
• Understanding market trends and user preferences
• Making data-driven business decisions

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA) and UK, we process your personal data based on:

• Contract Performance: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Improving our Service, security, fraud prevention, business analytics
• Consent: Marketing communications, optional features, cookies (where required)
• Legal Compliance: Meeting regulatory requirements, responding to legal requests
• Vital Interests: Protecting safety and security in emergency situations

5. INFORMATION SHARING AND DISCLOSURE

5.1 Service Providers and Partners

We share information with trusted third parties who assist in providing our Service:

• Cloud Infrastructure: Convex, AWS, Google Cloud for data storage and processing
• Payment Processing: Stripe for secure payment handling
• Authentication: Clerk for user authentication and identity management
• AI Services: OpenAI and other AI providers for content generation
• Analytics: Vercel Analytics and other analytics providers
• Communication: Email service providers for notifications and support
• Customer Support: Helpdesk and support ticket management systems

5.2 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity, subject to the same privacy protections.

5.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Prevent fraud, abuse, or illegal activities
• Enforce our Terms of Service
• Respond to emergency situations involving public safety

5.4 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

6. DATA SECURITY AND PROTECTION

6.1 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication, least privilege principles
• Infrastructure Security: Secure cloud hosting, regular security audits, penetration testing
• Data Isolation: User data segregation, secure databases, backup encryption
• Monitoring: 24/7 security monitoring, intrusion detection, anomaly detection
• Incident Response: Defined procedures for security breaches and data incidents

6.2 Employee Access

Access to your personal information is restricted to authorized personnel who need it to provide the Service. All employees sign confidentiality agreements and receive regular security training.

6.3 Data Breach Response

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

7. DATA RETENTION

7.1 Retention Periods

• Account Data: Retained while your account is active, plus 90 days after deletion
• Content: User-generated content retained per subscription terms, up to 2 years after account closure
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Usage Logs: Retained for 2 years for security and analytics purposes
• Support Communications: Retained for 3 years for quality assurance
• Marketing Data: Retained until you opt out or for 3 years of inactivity

7.2 Deletion Process

When data is deleted, we use secure deletion methods to ensure it cannot be recovered. Some information may be retained in encrypted backups for disaster recovery purposes for up to 12 months.

8. YOUR PRIVACY RIGHTS

8.1 General Rights

Depending on your location, you may have the following rights:

• Access: Request copies of your personal information
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request limitation of processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing (where applicable)

8.2 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

8.3 Exercising Your Rights

To exercise your privacy rights, contact us at info@vividverseglobal.com or through your account settings. We will respond to verified requests within 30 days (or as required by applicable law).

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.

9.2 Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with adequate protection levels
• Certification schemes and codes of conduct
• Additional security measures for sensitive data

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies

We use various types of cookies and similar technologies:

• Essential Cookies: Required for basic Service functionality
• Performance Cookies: Collect information about Service usage and performance
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand user behavior and improve our Service
• Marketing Cookies: Used for targeted advertising and campaign measurement

10.2 Cookie Management

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may limit Service functionality.

11. CHILDREN'S PRIVACY

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. THIRD-PARTY LINKS AND SERVICES

Our Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

We are not responsible for the privacy practices or content of third-party services, even if accessed through our platform.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices in our Service
• Requiring acknowledgment for significant changes

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

14. DATA PROTECTION OFFICER

For data protection matters and privacy concerns, you may contact our Data Protection Officer at:

15. SUPERVISORY AUTHORITY

If you are located in the EEA or UK and have concerns about our privacy practices, you have the right to lodge a complaint with your local supervisory authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your local Data Protection Authority

16. CONTACT INFORMATION

For privacy-related questions, concerns, or requests, please contact us:

We are committed to addressing your privacy concerns promptly and will respond to your inquiry within 30 days or as required by applicable law.