Privacy Policy

1. Who we are

Vyzora ("Vyzora," "we," "us") operates the Vyzora Lens publication and related websites at vyzora.ai and vyzora.io. This Privacy Policy describes how we collect, use, store, and disclose information about subscribers and visitors.

2. Information we collect

2.1 Information you provide directly

• Account information: email address, password (stored hashed by Firebase Authentication), and any profile details you choose to add.
• Authentication: if you sign in with Google, we receive your Google account email, basic profile, and a token issued by Google.
• Phone number (optional sign-in method): if you choose to sign in with phone, we collect your mobile number in E.164 format and a one-time SMS verification code. Your number is stored by Firebase Authentication as an authentication identifier. You explicitly consent to receive a one-time SMS before we send it; standard message and data rates may apply. You can reply STOP at any time to opt out, and you may also delete the associated account to remove your phone number from our system entirely (see §8, "Your rights").
• Billing: when you subscribe, payment-method information (card number, expiry, CVV, billing address) is collected and processed by Stripe. Vyzora never sees or stores your full card number.
• Communications: emails or support messages you send to us (for example, to support@vyzora.ai).
• Disclaimer acknowledgement: when you accept the legal disclaimer modal in Vyzora Lens, we record your user ID, server timestamp, IP address, and user agent for evidentiary purposes.

2.2 Information collected automatically

• Usage and request data: IP address, user-agent string, request timestamps, requested URL, and HTTP response status, captured by Google Cloud Run for operational logging.
• Session storage / local storage: small browser-side values used to remember your selected theme, your disclaimer acknowledgement for the session, and (briefly, before the server-side record is written) your authentication token.
• We do not currently use third-party advertising cookies, retargeting pixels, or behavioural ad networks.

3. How we use your information

• Deliver the Service. Authenticate you, gate access by subscription tier, render dashboards, and serve content.
• Authenticate via SMS (if you chose phone sign-in). We send a single one-time verification code to the number you provided so you can access your account. We do not send marketing or promotional SMS. Your number is never shared, sold, or used for anything other than authentication to Vyzora.
• Process payments. Through our payment processor, charge your card on the cadence you selected and provide receipts.
• Maintain compliance records. Persist your acceptance of the legal disclaimer to demonstrate informed consent.
• Operate and secure the Service. Detect and respond to abuse, fraud, and operational issues.
• Communicate with you. Send transactional emails (sign-up, password reset, billing, security) and, with your consent, occasional product updates. You can opt out of non-transactional emails at any time.
• Comply with law. Respond to lawful requests, enforce our Terms, and protect our rights.

4. Third-party data processors

Vyzora uses the following service providers, each acting as a data processor on our behalf. They handle your data subject to their own privacy policies and to data-processing addenda with us where required.

Processor	Purpose	Region
Google Cloud (Firebase Authentication, Firestore, Cloud Run, Secret Manager)	Account auth, user records, application hosting, secret storage, and — for phone sign-in — the delivery of the one-time SMS verification code to the number you provide	us-central1 (United States)
Stripe, Inc.	Subscription billing, payment processing, Customer Portal	United States
Cloudflare, Inc.	DNS, email routing for @vyzora.ai/@vyzora.io, edge protection	United States and global edge
Polygon.io, Finnhub, E*TRADE	Market data sources for the Lens dashboard (they do not receive your personal data — only Vyzora's API requests)	United States

5. Cookies and similar technologies

The Vyzora Service uses browser localStorage and sessionStorage rather than persistent tracking cookies. The values we set are:

• vyzora_theme — remembers light/dark theme preference.
• vyzora_disclaimer_v1 — records that you acknowledged the legal disclaimer in this session.
• A short-lived authentication token issued by Firebase, used to authorize API calls.

If you clear browser storage, you will be signed out and the disclaimer modal will reappear.

6. How we disclose information

We share your information only with:

• Our processors listed above, strictly for the purposes shown.
• Law-enforcement or government authorities, in response to lawful requests we determine to be valid.
• A successor entity in the event of a merger, acquisition, or sale of assets — subject to materially equivalent privacy protections.

We do not sell or rent your personal information and we do not share it with advertisers.

7. Data retention

• Account data: retained while your account is active and for up to 24 months after account closure to satisfy tax, accounting, and audit obligations.
• Billing records (via Stripe): retained per Stripe's policies and applicable financial-record retention rules (typically 7 years).
• Disclaimer acceptance records: retained for the longer of 7 years or any applicable statute of limitations, for evidentiary purposes.
• Operational logs: retained for up to 90 days, then deleted or aggregated.

8. Your rights

Subject to applicable law (including the California Consumer Privacy Act / CPRA, GDPR for EEA users, and similar state laws), you have the right to:

• Access a copy of the personal information we hold about you;
• Correct inaccurate information;
• Delete your account and associated personal information (subject to retention requirements above);
• Opt out of marketing communications (transactional emails will continue);
• For California residents: not be discriminated against for exercising your rights;
• For EEA users: lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@vyzora.ai. We will respond within 30 days.

8a. SMS / TCPA notice

If you elect to sign in with a mobile phone number, Vyzora will send you one SMS message per sign-in attempt, containing only a 6-digit verification code. Consent to receive this SMS is collected at the phone-entry screen before any message is sent. Vyzora does not send marketing, promotional, or transactional SMS of any kind — the only SMS Vyzora originates is the one-time authentication code.

You can revoke your consent at any time by:

• Replying STOP to the verification SMS (the carrier will block further SMS from the Vyzora sender);
• Deleting the associated Vyzora account, which removes the phone number from our authentication records; or
• Emailing privacy@vyzora.ai to request removal.

Standard message and data rates from your mobile carrier may apply. Vyzora does not charge for the SMS itself. The SMS is generated and delivered by Google Cloud (Firebase Authentication) as our processor; see §4 above.

9. Security

We use industry-standard security controls: TLS 1.2+ for all data in transit; Google-managed encryption at rest for data in Firestore and Secret Manager; least-privilege IAM bindings; and access logging. No system is perfectly secure — if you suspect a vulnerability, please contact security@vyzora.ai.

10. International transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your country of residence. By using the Service, you consent to this transfer.

11. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected such information, contact privacy@vyzora.ai and we will delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and/or by prominent notice in the Service. The "Effective date" at the top reflects the most recent version.

13. Contact

Privacy inquiries: privacy@vyzora.ai
Security disclosures: security@vyzora.ai
General support: support@vyzora.ai