Privacy Policy

Vistrify Privacy Policy

Last updated: February 22, 2026

1. Who we are

Vistrify is operated by Thicle Sarl‑S, L‑8352 Dahlem, Luxembourg. Company No. B265768. VAT LU33898674. Contact: info@vistrify.com.

2. Eligibility

You must be at least 16 years of age to use Vistrify, in accordance with the Luxembourg implementation of the GDPR. By creating an account you confirm that you meet this requirement.

3. What data we collect

  • Account data: email address, hashed password, date of registration.
  • Site data: URLs, sitemap, blog URL, competitors, settings.
  • Content data: keywords, drafts, exports, internal links.
  • Usage data: page interactions, feature usage, audit logs.
  • Payment data: handled entirely by Stripe — we store only subscription identifiers, not card numbers or banking details.
  • Technical data: IP address (for rate limiting and security), browser type, and device information collected via analytics.

4. How we use your data

  • Provide and improve the Vistrify service.
  • Generate and optimize your content using AI models.
  • Measure product usage and performance.
  • Process payments and manage subscriptions.
  • Send transactional emails (verification, password reset, billing).
  • Prevent abuse and enforce rate limits.

5. Sub‑processors & international data transfers

We share data with the following third‑party processors strictly to provide the service:

  • OpenAI (US) — AI content generation. Prompts and content are sent to generate articles.
  • Anthropic (US) — AI content generation. Used as an alternative model provider.
  • Stripe (US) — Payment processing. Handles all card and billing data.
  • Resend (US) — Transactional email delivery (verification, password resets).
  • Vercel (US) — Application hosting and edge delivery.
  • Neon / PostgreSQL (US/EU) — Database hosting.
  • DataForSEO (US) — Keyword volume and difficulty data.
  • Google (US) — Analytics (GA4 in consent mode: limited cookieless measurement before preference selection and full analytics after consent) and Search Console integration.

Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and/or the processor's participation in recognised data protection frameworks, as required by GDPR.

6. AI & automated processing

Vistrify uses AI models to generate, refine, and humanize content on your behalf. This processing is performed to fulfil the service you requested (contractual basis). No automated decisions with legal or similarly significant effects are made about you based on this processing. You retain full editorial control over all generated content.

7. Analytics & cookies

We use the following cookies:

  • Essential: cookie_preferences — stores your cookie preference (localStorage). Required for the site to function.
  • Analytics: Google Analytics 4 runs in two modes: limited cookieless measurement first (consent mode, no ad personalization), and optional analytics cookies after consent (_ga, _ga_*) for fuller usage reporting.

You may change your cookie preference at any time by clearing your browser storage and revisiting the site.

8. Legal basis (GDPR Art. 6)

  • Contract (Art. 6(1)(b)): to provide the service you signed up for, including AI content generation.
  • Legitimate interests (Art. 6(1)(f)): to improve, secure, and monitor the service; prevent fraud.
  • Consent (Art. 6(1)(a)): for non‑essential cookies and any future marketing communications.

9. Data retention

  • Account and content data: retained while your account is active.
  • After account deletion: personal data is erased within 30 days. Anonymised usage statistics may be retained indefinitely.
  • Audit logs: retained for 12 months for security purposes.
  • Backup copies: purged within 90 days of deletion.

10. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability — receive your data in a structured, machine‑readable format.
  • Withdraw consent at any time (where consent is the legal basis).

To exercise any of these rights, email info@vistrify.com. We will respond within 30 days as required by GDPR.

If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with the Commission nationale pour la protection des données (CNPD), the Luxembourg supervisory authority, at cnpd.public.lu.

11. Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNPD within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.

12. Updates to this policy

We may update this policy and will notify users of material changes via email or in‑app notice. Continued use of the service after notification constitutes acceptance of the updated policy.