Privacy policy
Last updated: 2026-05-05
Who we are
Vividly is operated by the project owner as the data controller. For privacy enquiries, write to info@vividly-studio.com.
Data we collect
When you sign in with Google we receive your email address, display name, profile picture, and a Google account identifier. Nothing else from Google. As you use the service we store the trip data you create: titles, destinations, dates, party composition, dietary tags, custom instructions, day-by-day notes, saved places, saved routes, special events, share-link tokens, locale preference, and chat messages. We never collect device identifiers, location, advertising IDs, or behavioural analytics.
How we use it and why we are allowed to
We process your account and trip data to deliver the service you signed up for. The lawful basis is performance of a contract (GDPR Article 6(1)(b)). We process AI chat content and uploaded files on your active opt-in each time you use those features. The lawful basis there is consent (Article 6(1)(a)). We do not sell, share for marketing, profile, or use your data for advertising or analytics.
AI chat and file uploads
Messages you send in chat are stored on the trip and sent to Google Vertex AI to generate the response. When you import files (screenshots, PDFs, blog posts, plain text) for venue extraction, the file contents are sent to Vertex AI for processing. We do not retain the original file binaries. Only the venue records the model extracted, which you confirm before we save them. You are responsible for any third-party personal data contained in files you upload; do not upload restricted-category data such as health records, financial documents, or government IDs.
Subscription payments
When you subscribe, payments are processed by PayPal (Holdings) Inc., a Level 1 PCI-DSS-compliant payment provider acting as an additional sub-processor for the subscription feature. We never see, receive, or store your card number, expiry, CVV, or PayPal account password. PayPal returns to us a subscription identifier, the current billing-period dates, the subscription status, and event notifications (creation, activation, renewal, payment failure, cancellation, expiry); we store those alongside your account so we can grant access and reconcile state. Your data export under GDPR Article 15 includes your subscription identifier and billing-period history; it does not include payment-instrument details, which remain solely with PayPal under their own privacy notice.
International transfers
Our database, application, and authentication run in the European Union.
How long we keep your data
Trip data, chat messages, places, routes, and uploaded venue extractions are retained until you delete them or until you delete your account. Operational logs are kept for 30 days. Cached public information about real-world places (addresses, coordinates) is kept for up to 90 days and refreshed on demand. This cache is impersonal and shared across users. Records of account deletions are retained as long as needed to demonstrate compliance with subject-access requests.
Your rights
You can download every record we hold about you as a JSON file from your account settings (right of access, GDPR Article 15; right to portability, Article 20). You can edit your trip data directly in the app (right to rectification, Article 16). You can delete your account at any time from settings; deletion is immediate, cascades to all your trip data, and removes your authentication record (right to erasure, Article 17). You also have the right to object to processing or to lodge a complaint with your national supervisory authority. For EU users, the authority of your country of residence.
Cookies and local storage
We use only what is strictly necessary for the service to work: a cookie that keeps you signed in (set by our authentication provider), a cookie that remembers your language preference, and a single browser-storage flag that records you have seen the cookie notice so we do not show it again. We do not use analytics, advertising, fingerprinting, or any third-party tracking.
Contact and complaints
For any data protection question, request, or complaint, write to info@vividly-studio.com. We will respond within 30 days. If you are in the EU and remain dissatisfied, you may also lodge a complaint with the supervisory authority in your country of residence.