Privacy Policy

Last updated: January 29, 2026

Viclaro ("we", "us", "our", or "Viclaro") operates https://viclaro.app and the Viclaro SaaS platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully to understand our practices regarding your data.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Organization name and details (if provided)
  • Billing address and payment information (processed securely through Stripe)
  • Account preferences and settings

1.2 Content You Submit

When you use our Service to scan content, we collect:

  • URLs you submit for scanning
  • HTML content, text, and metadata from scanned pages
  • Generated findings, scores, and analysis reports
  • Any custom queries or prompts you provide

Important: We only process content that you explicitly submit to our Service. We do not crawl or access content you have not authorized us to scan.

1.3 Usage and Technical Data

We automatically collect certain information when you use our Service:

  • IP address and browser type
  • Device information and operating system
  • Usage metrics (scans performed, features accessed, timestamps)
  • Error logs and diagnostic information
  • Cookies and similar tracking technologies (see Section 8)

1.4 Payment Information

Payment processing is handled by Stripe, a third-party payment processor. We do not store your full payment card details. We only receive and store:

  • Stripe customer ID and subscription ID
  • Billing status and transaction history
  • Last four digits of payment cards (for identification purposes only)

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Process scans, generate findings, and deliver analysis reports
  • Manage your account: Authenticate users, process subscriptions, and enforce usage limits
  • Process payments: Handle billing, invoicing, and subscription management through Stripe
  • Communicate with you: Send transactional emails (scan completion, billing notices, account updates), respond to support requests, and send important service announcements
  • Improve our Service: Analyze usage patterns, troubleshoot issues, and develop new features
  • Ensure security: Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations: Meet legal requirements, respond to legal process, and enforce our agreements

We do not: Sell your personal information, use your content to train AI models, or share your data with third parties for marketing purposes.

3. Data Sharing and Disclosure

We may share your information only in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who help us operate our Service:

  • Stripe: Payment processing and billing
  • AWS (Amazon Web Services): Cloud infrastructure and hosting
  • OpenAI / Google Cloud Platform: AI/LLM inference services for content analysis
  • Email service providers: Transactional email delivery

These service providers only receive the minimum data necessary to perform their functions and are contractually bound to protect your information.

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Respond to government requests

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Retention and Deletion

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account data: Retained while your account is active and for 30 days after account deletion
  • Scan content and findings: Retained for 12 months after your last scan, or 30 days after account cancellation, whichever comes first
  • Backup data: Backups are retained for 35 days after deletion from primary storage
  • Billing records: Retained as required by law (typically 7 years for tax purposes)

You may request deletion of your personal data at any time by emailing [email protected]. We will delete your data from primary and backup systems within 30 days, unless we are required to retain it by law.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using our cloud provider's managed encryption keys
  • Access controls: Access to production systems is restricted to authorized personnel only, with role-based access controls and audit logging
  • Security monitoring: We monitor our systems for security threats and vulnerabilities
  • Regular updates: We keep our software and infrastructure updated with security patches
  • Vulnerability scanning: We perform regular security scans and assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You can access and download your data through the Service's export features, or by requesting a copy from us at [email protected].

6.2 Correction

You can update your account information at any time through your account settings, or request corrections by contacting support.

6.3 Deletion

You can request deletion of your personal data by canceling your account or emailing [email protected]. We will honor your request subject to legal retention requirements.

6.4 Objection and Restriction

You can object to certain processing activities or request restriction of processing. Note that some processing is necessary for us to provide the Service.

6.5 Marketing Communications

We only send transactional emails by default. If you receive marketing communications, you can opt out at any time using the unsubscribe link in the email or by contacting us.

6.6 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of the sale of personal information (we do not sell personal information).

6.7 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by relevant data protection authorities
  • Data processing agreements with service providers
  • Compliance with applicable data protection frameworks

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Service:

  • Essential cookies: Required for the Service to function (e.g., session management, authentication). These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with our Service (if enabled)

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Service.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification to registered users (for material changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.