Privacy Policy

1. Introduction

Virixy Inc ("we", "us", or "our") operates Virixy Privacy AI ("Service"), a browser extension and web dashboard that provides comprehensive privacy protection through 6 powerful features: AI-powered privacy policy analysis, security scanning, tracking detection, cookie management, opt-out helper, and privacy automation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and dashboard. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, password, and profile information
• Payment Information: Billing address and payment method details (processed by Paddle)
• Usage Data: Privacy policy analyses, security scans, tracking detection results, cookie management data, opt-out requests, privacy actions, document uploads, and preferences
• Extension Data: Domains analyzed, browser information, extension settings, and feature usage across all 6 features
• Communication Data: Messages, support requests, and feedback

2.2 Automatically Collected Information

We automatically collect certain information when you use our browser extension and dashboard:

• Device Information: IP address, browser type, operating system, device identifiers, and extension version
• Usage Information: Pages visited, features used (AI policy analysis, security scanning, tracking detection, cookie management, opt-out helper, privacy actions), time spent, and click patterns
• Extension Activity: Domains analyzed, analysis results, security scan data, tracking detection results, cookie consent preferences, and privacy action recommendations
• Log Data: Access times, error logs, and performance metrics
• Cookies and Tracking: See our Cookie Policy section below

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve our browser extension and dashboard service with all 6 privacy protection features
• To process transactions and manage subscriptions (free tier: 2 domains per feature per month; premium: unlimited)
• To deliver privacy analysis results, security scans, tracking detection, cookie management, opt-out assistance, and privacy action recommendations
• To sync data between your browser extension and web dashboard
• To send you service-related communications and updates
• To respond to your inquiries and provide customer support
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our Terms of Service
• To analyze usage patterns and improve user experience across all features
• To send marketing communications (with your consent, where required)

4. Payment Data Processing - Paddle

We use Paddle as our payment processor for subscription management. When you make a payment, Paddle collects and processes your payment information. This section explains how payment data is handled:

4.1 Data Shared with Paddle

When you subscribe, we share the following information with Paddle:

• Your email address
• Your name (if provided)
• Subscription plan details
• Billing address (if required)

4.2 Payment Information

Paddle directly processes all payment card information. We do not store, process, or have access to your full payment card details. Paddle handles all payment data in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements.

4.3 Paddle's Privacy Policy

Paddle's processing of your payment data is governed by their Privacy Policy. We encourage you to review Paddle's privacy practices at https://paddle.com/legal/privacy.

4.4 Subscription Management

Paddle provides us with subscription status, transaction history, and customer identifiers necessary to manage your subscription and provide customer support.

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our contractual obligations to provide the Service
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Consent: For marketing communications and optional features (you can withdraw consent at any time)
• Legal Obligations: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Paddle: Payment processing and subscription management
• Cloud Hosting Providers: Data storage and infrastructure
• Email Service Providers: Transactional and marketing emails
• Analytics Providers: Service usage analysis (anonymized data)

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6.4 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained while your account is active and for 30 days after deletion
• Payment Records: Retained for 7 years as required by tax and accounting laws
• Usage Data: Retained for up to 2 years for analytics and service improvement
• Support Communications: Retained for 3 years for customer service purposes

8. Your Rights (GDPR)

Under GDPR and other applicable data protection laws, you have the following rights:

8.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to certain exceptions.

8.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us at help@updates.virixy.com. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure payment processing through Paddle (PCI DSS compliant)
• Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Compliance with GDPR requirements for international transfers
• Verification that service providers maintain adequate data protection standards

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also notify you via email of any material changes.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.