Privacy Policy

Effective Date: November 21, 2024

Vizco ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://vizco.co (the "Site") and use our AI governance services (the "Services").

1. Information We Collect

1.1 Personal Information You Provide

We may collect personal information that you voluntarily provide to us when you:

  • Schedule a demo or consultation through Calendly or other booking tools
  • Submit a job application via Google Forms or email
  • Contact us via email at info@vizco.co, chris@vizco.co, or daniel@vizco.co
  • Sign up for our Services or request information
  • Register for an account or subscribe to newsletters

This information may include:

  • Name
  • Email address
  • Phone number
  • Company name and job title
  • Resume and cover letter (for job applications)
  • Any other information you choose to provide

1.2 Automatically Collected Information

When you visit our Site, we may automatically collect certain information about your device and browsing activity, including:

  • IP address
  • Browser type and version
  • Device information (operating system, device type)
  • Pages viewed and time spent on pages
  • Referring website or source
  • Click-through data and interactions

1.3 Cookies and Tracking Technologies

We may use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior and preferences. You can control cookies through your browser settings.

1.4 OAuth and Third-Party Authentication Data

If you use our Services and authenticate via OAuth providers (e.g., Google, Microsoft), we may collect:

  • Your name and email address from the OAuth provider
  • Profile information you authorize us to access
  • Access tokens to enable secure integration with your authorized services

We only access the minimum data necessary to provide our Services and enforce governance policies. We do not store your OAuth credentials; instead, we use secure tokens that can be revoked at any time through your OAuth provider's settings.

1.5 Google API Services User Data

Our macOS application uses Google API Services to provide productivity features with AI governance and PII (Personally Identifiable Information) redaction. When you connect your Google Account to our application, we request access to the following Google services:

Google API Scopes We Request:

Gmail API

  • auth/gmail.modify - Read, compose, and send emails
  • auth/gmail.compose - Manage drafts and send emails

Why we need this: To provide email productivity features through AI assistants, including reading email content, composing responses, managing drafts, and sending emails on your behalf—all with automatic PII redaction to protect sensitive information.

Google Drive API

  • auth/drive - See, edit, create, and delete Google Drive files

Why we need this: To access, modify, and manage files from Gmail attachments and Drive, enabling AI-powered productivity features while applying PII redaction and governance policies to protect sensitive content.

Google Calendar API

  • auth/calendar - See, edit, share, and permanently delete calendars

Why we need this: To schedule, update, and delete meetings based on email requests and AI assistant interactions, providing seamless calendar management with governance controls.

Google API Services User Data Policy Compliance

Vizco's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure: We only use the data accessed through Google APIs to provide and improve the specific features you authorize. We do not use Google user data for serving advertisements, and we do not sell Google user data to third parties.

How We Process Google Data:

  • PII Redaction: We automatically detect and redact personally identifiable information (names, addresses, phone numbers, SSNs, account numbers, etc.) from your emails, documents, and calendar entries before processing them through AI models. This protects sensitive information while enabling AI productivity features.
  • Local Processing: Where possible, data processing occurs locally on your device to minimize data transmission.
  • Policy Enforcement: We enforce access controls, content policies, and action restrictions based on your organization's governance rules.
  • No Advertising: We never use your Google data for advertising purposes or sell it to third parties.
  • Minimal Storage: We only store Google data temporarily and only when necessary to provide the requested service (e.g., caching for performance). Most data is processed in real-time and not retained.

Google Data Retention:

We retain Google user data only for as long as necessary to provide our Services:

  • OAuth access tokens are stored securely on your device and can be revoked at any time
  • Temporary cache data is automatically deleted within 24 hours
  • When you disconnect your Google Account or uninstall our application, all associated Google data is immediately deleted
  • You can request immediate deletion of all Google data by contacting us at info@vizco.co

Revoking Access to Google Data:

You can revoke our application's access to your Google data at any time by:

  1. Visiting your Google Account Permissions page
  2. Finding "Vizco" in your list of connected apps
  3. Clicking "Remove Access"
  4. Or by disconnecting your account directly within our application settings

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our Services: Including AI governance, policy enforcement, PII redaction, access control, and audit capabilities across your email, documents, and calendar
  • To process Google API data: Reading, composing, and sending emails; managing Gmail drafts and attachments; accessing and modifying Google Drive files; scheduling and managing Google Calendar events—all with automatic PII redaction and policy enforcement
  • To communicate with you: Responding to inquiries, scheduling demos, sending updates, and providing customer support
  • To process job applications: Reviewing resumes and contacting candidates
  • To personalize your experience: Tailoring content and recommendations
  • To analyze and improve our Site: Understanding how users interact with our Site and optimizing performance
  • To enforce policies and ensure security: Detecting fraud, preventing abuse, protecting user data, and redacting sensitive information before AI processing
  • To comply with legal obligations: Responding to legal requests and enforcing our terms

Important: We do NOT use your Google user data (Gmail, Drive, Calendar) for advertising, marketing to third parties, or any purpose unrelated to providing the AI governance and productivity features you explicitly authorize. Your Google data is processed solely to deliver the services you request.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our Site and Services (e.g., hosting, analytics, email delivery, Calendly for scheduling). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Business Transfers: If Vizco is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • Legal Requirements: We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Vizco, our users, or others.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

Google User Data - No Sharing or Sale

We do NOT share, sell, or transfer your Google user data (Gmail, Drive, Calendar) to any third parties, except in the following limited circumstances:

  • When required by law (e.g., valid court order, government request)
  • To AI service providers (e.g., OpenAI, Anthropic) only after applying PII redaction to protect sensitive information, and only to provide the AI features you explicitly request
  • With your explicit, informed consent for a specific purpose

All AI service providers we work with are bound by strict data protection agreements and use your data only to provide the requested AI services—never for training models or other purposes.

4. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When your data is no longer needed, we will securely delete or anonymize it.

Google User Data Retention

We follow strict retention policies for Google user data:

  • Real-time Processing: Most Gmail, Drive, and Calendar data is processed in real-time and not stored permanently on our servers
  • Temporary Cache: Data cached for performance purposes is automatically deleted within 24 hours
  • OAuth Tokens: Access tokens are stored securely on your local device and can be revoked at any time
  • Account Disconnection: When you disconnect your Google Account or uninstall our application, all associated Google data is immediately and permanently deleted from our systems
  • User-Requested Deletion: You can request immediate deletion of all your Google data at any time by contacting info@vizco.co, and we will comply within 48 hours

5. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct or update inaccurate or incomplete information
  • Deletion: Request that we delete your personal information, subject to certain exceptions (e.g., legal obligations)
  • Opt-Out: Unsubscribe from marketing emails or withdraw consent for data processing
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Restriction: Request that we limit how we use your information
  • Object: Object to our processing of your personal information for certain purposes

To exercise any of these rights, please contact us at info@vizco.co. We will respond to your request within 30 days.

OAuth Data: You can revoke Vizco's access to your OAuth data at any time through your OAuth provider's account settings (e.g., Google Account Permissions, Microsoft Account Permissions).

6. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication protocols
  • Regular security audits and vulnerability assessments
  • Secure storage and processing infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Third-Party Links and Services

Our Site may contain links to third-party websites and services (e.g., Calendly, Google Forms, LinkedIn). We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any personal information.

8. Children's Privacy

Our Site and Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete it promptly.

9. International Data Transfers

Vizco is based in the United States. If you are accessing our Site or Services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our Site or Services, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page and update the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Vizco

501 Folsom St, San Francisco, CA 94105

Email: info@vizco.co

Privacy Contact: chris@vizco.co

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of your personal information (note: we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us at info@vizco.co.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • The right to access, rectify, or erase your personal data
  • The right to restrict or object to processing
  • The right to data portability
  • The right to withdraw consent at any time
  • The right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes: performance of a contract, legitimate interests, compliance with legal obligations, and your consent.

Last updated: November 21, 2024