Privacy Policy

1. Who is responsible for your personal data?

This Privacy Policy explains how personal data is collected, used and protected in connection with the website and platform available at visionmade.ai and the conversational AI widget known as Vera.

The service is operated by VISIONMADE AI LTD, trading as visionmade.ai, a company incorporated in England and Wales under company number 17173691, with registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom (the "Company", "visionmade.ai", "we", "us" or "our").

Contact email for privacy matters: [email protected]

Unless a Data Protection Officer is formally appointed, references in this Policy to the privacy contact do not imply that visionmade.ai has appointed a statutory Data Protection Officer.

VISIONMADE AI LTD is registered with the UK Information Commissioner's Office (ICO) under registration number 00013874353.

2. Scope of this Privacy Policy

Visionmade.ai is a two-sided AI SaaS service. It is used by business customers who deploy Vera on their own landing pages, and by members of the public who interact with Vera on those landing pages.

For clarity, this Policy covers the following groups:

• Creators: coaches, consultants, course providers, business owners or other professional customers who create an account with visionmade.ai, subscribe to the service and deploy Vera on their landing pages.
• Visitors: individuals who visit a Creator's landing page and interact with the Vera widget.
• Website visitors: individuals who visit the visionmade.ai website, contact us, request information or otherwise interact directly with visionmade.ai.

This Policy should be read together with our Terms and Conditions, Cookie Policy and, where applicable, the Data Processing Agreement entered into with each Creator.

3. Our role under data protection law

Depending on the context, visionmade.ai may act either as a controller or as a processor.

Creators are responsible for ensuring that their own landing pages include appropriate privacy information, AI transparency notices and, where required, consent mechanisms for their visitors. The Vera widget includes a short transparency notice, but this does not replace the Creator's own legal obligations.

4. What personal data do we process?

4.1. Data relating to Creators

When a Creator signs up for or uses the service, we may process the following categories of data:

• Identification and contact data, such as name, surname, email address, business name, role and contact details.
• Account data, such as login credentials, subscription status, account settings and authentication information.
• Business and onboarding data, including information about the Creator's offer, landing page URLs, audience, tone of voice, positioning, FAQs and other information submitted to configure Vera.
• Billing and payment-related data. Card details are processed by our payment processor and are not stored by visionmade.ai.
• Support and communications data, including emails, support tickets, call notes and feedback.
• Usage and technical data, such as IP address, device information, browser type, log data, timestamps and security events.

4.2. Data relating to Visitors interacting with Vera

When a Visitor interacts with Vera on a Creator's landing page, the following data may be processed:

• Conversation content, meaning the messages entered by the Visitor and the responses generated by Vera.
• Session identifier, meaning a randomly generated identifier used to link the conversation to a specific session or visit. This is not intended to identify the Visitor by name.
• Visit events, such as the fact that the Vera widget loaded during the session.
• Engagement events, such as whether a conversation was started, continued or completed.
• Conversion events, such as whether a Visitor clicked a purchase, booking or call-to-action button after interacting with Vera, linked to the relevant session identifier.
• Any personal data voluntarily disclosed by the Visitor during the conversation, such as details about their professional situation, interests, preferences, challenges or goals.

Visionmade.ai does not intentionally ask Visitors to provide names, email addresses, payment details or other directly identifying information inside Vera conversations. However, Visitors may choose to include personal data in free-text messages.

4.3. Special category data

Vera is not designed to collect special category data, such as health data, biometric data, political opinions, religious beliefs, trade union membership, sexual orientation or similar sensitive information.

Visitors should not include special category data or confidential information in conversations with Vera unless the Creator has expressly informed them that such processing is necessary, lawful and appropriately safeguarded.

4.4. Data relating to website visitors and leads

If you visit our website, contact us, book a call, request information or subscribe to updates, we may process identification, contact, communications, marketing preference, technical and usage data necessary to manage that interaction.

5. Purposes and legal bases

Where visionmade.ai acts as controller, we process personal data for the purposes and on the legal bases set out below.

6. Processing of Visitor conversation data through Vera

Vera is an AI-powered conversational widget that Creators deploy on their own landing pages. Its purpose is to help Visitors understand a Creator's offer, ask questions, receive contextual responses and, where relevant, take an action such as booking a call or clicking a purchase button.

Visitor conversation data is processed for the following purposes, subject to the Creator's instructions and lawful basis:

• enabling Vera to respond to Visitor messages in real time;
• maintaining conversation logs for the Creator's audience intelligence and service review;
• generating analytics and insight reports for the Creator;
• tracking engagement and conversion events linked to session identifiers;
• monitoring abuse, misuse, security issues or attempts to circumvent safety behaviours.

7. Artificial intelligence transparency

Vera is an AI assistant. Visitors must be clearly informed that they are interacting with an AI system before or at the start of the interaction, unless this is already obvious from the context.

Vera is designed to support engagement and information about a Creator's offer. It is not intended to provide legal, medical, financial, therapeutic or other regulated professional advice. Vera is not intended to make decisions that produce legal or similarly significant effects on individuals.

AI-generated responses may be incomplete, inaccurate or inappropriate in some circumstances. Visitors should not rely on Vera as a substitute for professional advice or for urgent, sensitive or high-risk matters.

8. Cookies, session identifiers and similar technologies

The Vera widget uses a session identifier to link a conversation to a specific visit. This allows the service to maintain conversational continuity during the session and to produce basic engagement and conversion analytics for the Creator.

The exact technical implementation may involve cookies, local storage or similar technologies. Strictly necessary technologies may be used without consent where they are required to provide the service requested by the user. Non-essential cookies or similar technologies will only be used where the required consent has been obtained.

A separate Cookie Policy describes the cookies and similar technologies used on visionmade.ai.

9. Who may access personal data?

We may share or make personal data available to the following categories of recipients where necessary:

• hosting and infrastructure providers, including Hetzner, whose EU data centre locations may include Germany and Finland;
• database and backend service providers, including Supabase, where the project is configured in an EU region;
• AI model providers, including OpenAI, where conversation messages are sent through the API to generate Vera's responses;
• security, CDN and network providers, including Cloudflare;
• payment, email, CRM, analytics, customer support and productivity providers;
• professional advisers, public authorities, courts or regulators where required by law or necessary to protect our legal interests.

We do not sell Visitor conversation data to third parties.

10. International transfers

Conversation logs and application data are hosted in the European Union through EU-based or EU-region infrastructure providers, including Hetzner and Supabase, where the relevant services are configured in EU data centre regions.

However, some service providers used to operate the platform may be established outside the European Economic Area or the United Kingdom. In particular, conversation messages may be processed by OpenAI through its API in order to generate Vera's responses, and traffic may pass through Cloudflare's global network for security, routing, DNS, CDN and related infrastructure purposes.

Where personal data is transferred outside the European Economic Area or the United Kingdom, visionmade.ai will ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including Standard Contractual Clauses or other legally recognised transfer mechanisms.

Personal data submitted to OpenAI through the API is processed to provide the service and is not intended to be used by OpenAI to train or improve its models, unless visionmade.ai expressly enables such data sharing.

11. How long do we keep personal data?

12. Your rights

Subject to the conditions and limits established by applicable data protection law, individuals may have the following rights:

• Right of access: to obtain confirmation as to whether personal data is being processed and to access that data.
• Right to rectification: to request correction of inaccurate or incomplete data.
• Right to erasure: to request deletion of personal data in certain circumstances.
• Right to restriction: to request restriction of processing in certain circumstances.
• Right to object: to object to processing based on legitimate interests or to direct marketing.
• Right to data portability: to receive certain data in a structured, commonly used and machine-readable format.
• Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting prior lawful processing.

Requests can be sent to [email protected].

If your request relates to a conversation with Vera on a Creator's landing page, the Creator will usually be the controller and primary contact for that request.

13. Complaints

If you believe that your personal data has not been processed in accordance with applicable data protection law, you may contact us first at [email protected].

As VISIONMADE AI LTD is incorporated in the United Kingdom and registered with the UK Information Commissioner's Office, the ICO is our primary supervisory authority for UK data protection matters.

Where the EU GDPR applies, individuals located in the European Union may also have the right to lodge a complaint with the supervisory authority in their EU Member State of residence.

14. Security

We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include hosting on EU-based infrastructure, encrypted connections, server-side API key storage, access controls, rate limiting and domain restrictions.

No internet-based service can be guaranteed to be completely secure. Creators and Visitors should avoid submitting unnecessary, confidential or highly sensitive information through Vera.

15. Children

The service is not intended for use by children under the age of 16, and Creators must not deploy Vera on services targeted at children without prior written approval and an appropriate legal assessment.

16. Creator responsibilities

Creators who deploy Vera are responsible for providing clear privacy information to Visitors, informing Visitors that Vera is an AI assistant and that conversations may be logged, determining and documenting the lawful basis for processing Visitor conversation data, obtaining consent where required, and responding to Visitor rights requests where the Creator acts as controller.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the service, applicable law, providers or processing activities. Where changes are material, we will notify active Creators by email or through the platform within a reasonable period before the changes take effect.

18. Contact

For privacy-related questions or requests, please contact: