VayVix
LoginStart Free
Legal

Privacy Policy

Last updated: February 19, 2026

1. Introduction

VayVix ("we", "our", or "us") is committed to protecting the privacy of our users ("you" or "your") and the end-users with whom you communicate through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the VayVix platform and services. By using the Service, you consent to the data practices described in this policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

Account Information

When you create an account, we collect your name, email address, phone number, company name, job title, and other registration details you provide.

Usage Data

We automatically collect information about how you interact with the Service, including your IP address, browser type and version, device information, operating system, pages visited, features used, timestamps, clickstream data, and referring URLs.

Content Data

We process content you create or upload through the Service, including chatbot configurations, message templates, campaign content, media files, and automated workflow definitions.

End-User Data

When you use the Service to communicate with your end-users, we process data on your behalf, including contact information, message content, conversation history, and any other data transmitted through the platform. You are the data controller for this data.

Payment Information

Payment transactions are processed through secure third-party payment processors. We do not directly store your full credit card numbers or banking details. We may retain transaction IDs, billing addresses, and payment history for record-keeping purposes.

Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. See Section 12 for details.

3. Legal Basis for Processing

We process your personal data on the following legal bases, as applicable under data protection laws:

  • Contract: Processing necessary to perform our contract with you (providing the Service).
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and security, where these interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings.
4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service.
  • To process transactions and manage your subscription.
  • To send you service-related communications, including account notifications, technical notices, updates, and security alerts.
  • To respond to your inquiries and provide customer support.
  • To analyze usage patterns and improve the functionality, performance, and user experience of the Service.
  • To detect, prevent, and address fraud, abuse, security issues, and technical problems.
  • To enforce our Terms of Service and protect the rights, property, and safety of VayVix and our users.
  • To comply with applicable legal obligations and respond to lawful requests from public authorities.
  • To send marketing communications, where you have consented to receive them (you may opt out at any time).
5. Data Processing on Behalf of Users

When you use VayVix to communicate with your end-users, VayVix acts as a data processor on your behalf. You, as the user, act as the data controller and are responsible for ensuring that your collection, use, and processing of end-user data complies with all applicable data protection laws.

  • We process end-user data solely on your instructions and for the purpose of providing the Service.
  • We implement appropriate technical and organizational security measures to protect end-user data.
  • We do not use end-user data for our own purposes, such as advertising, profiling, or marketing.
  • We engage sub-processors only as necessary to provide the Service and require them to maintain equivalent levels of data protection.
  • We will assist you in fulfilling your obligations to respond to data subject rights requests.
  • We will notify you promptly if we become aware of any personal data breach affecting end-user data.
  • Upon termination of your account, we will delete or return end-user data in accordance with our data retention policy.
6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: We share data with trusted third-party service providers who assist in operating the Service (hosting, analytics, email delivery, payment processing). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Channel and Platform Providers: To deliver messages across various communication channels, we share necessary data with the respective platform providers. This sharing is limited to what is required to deliver the Service.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data.
  • Aggregated and Anonymized Data: We may share aggregated or anonymized data that cannot reasonably be used to identify you for research, analytics, or business purposes.
7. Limited Use Disclosure

Data obtained through third-party integrations and APIs connected to the Service is subject to the following restrictions:

  • Such data is used solely to provide and improve the core functionality of the Service as requested by the user.
  • We do not transfer or sell this data to third parties unless necessary to provide the Service, comply with applicable laws, or as part of a merger or acquisition.
  • We do not use this data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
  • We do not use this data for any purpose unrelated to the core functionality of the Service.
  • Human access to this data is limited to what is necessary for security purposes, to comply with applicable law, to respond to user requests, or to provide and improve the Service, and only with appropriate access controls and audit logging.
8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active account data is retained for the duration of your account.
  • Upon account termination, we will delete or anonymize your personal data within 90 days, except where retention is required for legal, tax, audit, or fraud prevention purposes.
  • End-user data processed on your behalf will be deleted in accordance with our Terms of Service upon account termination.
  • Usage logs and analytics data are retained in anonymized form for up to 24 months for service improvement purposes.
  • Payment records are retained as required by applicable tax and accounting laws.
9. Data Security

We implement and maintain appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL and encryption of data at rest using industry-standard encryption algorithms.
  • Role-based access controls with the principle of least privilege.
  • Regular security assessments, vulnerability scanning, and penetration testing.
  • Secure software development practices, including code reviews and security testing.
  • Incident response procedures to detect, respond to, and recover from security incidents.
  • Employee security awareness training and confidentiality obligations.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

Under Data Protection Laws (including GDPR)
  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request limitation of processing of your personal data in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your rights have been violated.
Under Consumer Privacy Laws (including CCPA)
  • Right to Know: Request information about the categories and specific pieces of personal data we collect, use, and disclose.
  • Right to Delete: Request deletion of your personal data, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal data. If this practice changes, you will have the right to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the time period required by applicable law (typically 30 days). We may ask you to verify your identity before processing your request.

11. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than the country in which you reside. When we transfer personal data internationally, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including standard contractual clauses, adequacy decisions, or other legally recognized transfer mechanisms. By using the Service, you acknowledge that your data may be transferred internationally as described in this section.

12. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Necessary for the operation of the Service (authentication, security, session management). These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service to improve performance and user experience. These collect anonymized usage data.
  • Preference Cookies: Remember your settings and preferences (language, theme, display preferences) to provide a personalized experience.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may impact the functionality of the Service. Most browsers allow you to refuse or delete cookies. The methods for doing so vary by browser; please consult your browser's help documentation.

13. Children's Privacy

The Service is not intended for use by individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information as promptly as possible. If you believe we have collected personal data from a child, please contact us immediately at [email protected].

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Due to the lack of a uniform industry standard for recognizing and implementing DNT signals, we do not currently respond to DNT signals. We will continue to monitor developments in DNT technology and may update our practices accordingly.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. For significant changes, we will provide additional notice through in-app notifications or email. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected] VayVix — Customer Engagement Platform