Privacy Policy

Last updated: May 2025

Summary (plain language): We store only what is needed to run the service — your email, username, hashed password, uploaded files, and project data. We never sell your data. You can download everything you've uploaded and delete your account at any time. Stripe processes all payments; we only store identifiers they give us.

1. Who We Are

Vision Control Inc. ("we", "us", "our") is a file version-control and collaboration service. For the purposes of EU/UK data-protection law, we are the data controller for the personal data described in this policy.

If you have questions about how we handle your data, contact us at: support@visioncont.org

2. Data We Collect

2.1 Account data

Field	Why we collect it	Stored as
Email address	Account login, transactional emails	Plain text (unique)
Password	Authentication	bcrypt hash — never plain text
Username	Display name across the service	Plain text
Bio & avatar	Optional public profile	Plain text / base-64 image
Account creation date	Service administration	Timestamp

2.2 Project & file data

When you create projects and upload files we store the project metadata (name, description, visibility setting) and every version of every file you upload, including the filename, file size, storage path, version history, and the approval status of each version. File content is stored either on our VPS filesystem, in Cloudflare R2 object storage, or in our PostgreSQL database (for small delta records). We also store folder structure and per-file privacy settings you configure.

2.3 Collaboration data

We store the list of collaborators on each project, their assigned roles (collaborator / manager / co-owner), and who added them and when. Join-request messages and their acceptance/rejection status are also stored.

2.4 Usage & operational data

Storage snapshots: per-project total bytes, file count, and version count — refreshed after every upload or deletion.
Compute usage log: operation type (diff / upload), file size, processing time, and the user who triggered it — used for capacity planning, not billing.
Session data: your login session is stored in PostgreSQL and identified by an HTTP-only, Secure, SameSite=Lax cookie. Sessions expire after 24 hours of inactivity.
API tokens: if you create a desktop-client token we store a SHA-256 hash of the token (never the raw value) and a label.
Desktop client identifiers: if you send review requests to clients, we store each client's email in your personal address book.

2.5 Email-related tokens

We create short-lived tokens for email verification (24-hour expiry) and password-reset links (1-hour expiry). These tokens are stored in the database and are invalidated immediately after use.

2.6 Payment data

Payments, subscriptions, and payouts are processed entirely by Stripe. We store only the Stripe-assigned identifiers Stripe gives us: stripe_customer_id, stripe_subscription_id, and your current plan key (free / pro / business / enterprise). We never store card numbers, bank account details, or any other raw payment data. If you enable Stripe Connect payouts, your Stripe Connect account ID (stripe_account_id) and onboarding/payout status are stored.

2.7 Notification preferences

We store your preferences for email notifications and daily-digest emails. You can change or disable these from your profile at any time.

2.8 Data we do NOT collect

We do not use third-party analytics or advertising pixels.
We do not use tracking cookies beyond the session cookie described above.
We do not collect IP addresses in persistent logs (Nginx access logs may temporarily record IPs as part of normal server operation; these rotate automatically).

3. Legal Basis for Processing (GDPR)

Processing activity	Legal basis
Account creation & authentication	Contract performance (Art. 6(1)(b)) — necessary to provide the service
Storing uploaded files & projects	Contract performance (Art. 6(1)(b))
Sending transactional emails (verification, password reset, storage warnings)	Contract performance (Art. 6(1)(b))
Compute usage logging for capacity planning	Legitimate interests (Art. 6(1)(f)) — operating and improving infrastructure
Storing Stripe identifiers for billing	Contract performance (Art. 6(1)(b))
Optional notification & digest emails	Consent (Art. 6(1)(a)) — opt-in preferences you control
CSRF tokens & session security	Legitimate interests (Art. 6(1)(f)) — security of the service

4. How We Use Your Data

To create and maintain your account and authenticate you.
To store, version, and serve back the files you upload.
To enable collaboration features (sharing projects, approvals, votes, review requests).
To process subscription payments and manage your storage plan via Stripe.
To send you transactional emails: email verification, password resets, and storage-limit warnings.
To send optional notification emails if you have enabled them.
To monitor and plan infrastructure capacity (compute usage, storage usage).
To respond to support requests you send us.

We do not sell, rent, or trade your personal data to any third party.

5. Data Sharing & Sub-processors

Recipient	Purpose	Location
Stripe, Inc.	Payment processing, subscription management, Connect payouts	United States (Standard Contractual Clauses apply)
Cloudflare (R2)	Object storage for uploaded file versions	Depends on R2 region configured — EU regions available
VPS hosting provider	Server hosting, PostgreSQL database, on-disk file storage	As configured in deployment
SMTP email provider	Delivery of transactional and notification emails	As configured in `SMTP_HOST`

We do not share your data with any other third parties. We have Data Processing Agreements (or rely on Standard Contractual Clauses) with all sub-processors listed above.

6. Data Retention

Data category	Retention period
Account data, projects, and uploaded files	Until you delete your account; or until auto-deletion under storage enforcement (see §8)
Email verification tokens	24 hours from creation; deleted or invalidated after first use
Password-reset tokens	1 hour from creation; immediately invalidated after use
Login sessions	24 hours from last activity
Compute usage logs	Retained while your account is active; deleted when your account is deleted
Stripe billing identifiers	Retained while your account is active; cleared when your account is deleted
Support messages	Up to 2 years for audit/quality purposes, then deleted
Nginx access logs	Rotated automatically (typically 7–30 days depending on server configuration)

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data-protection law, you have the following rights:

Right of access (Art. 15): You can download a copy of all personal data we hold about you. Use the Export My Data button in your account settings.
Right to rectification (Art. 16): You can update your username, bio, and avatar in your profile settings at any time. To change your email address, contact us.
Right to erasure / "right to be forgotten" (Art. 17): You can permanently delete your account from Settings → Danger Zone → Delete Account. This deletes your user record, all projects you own (including all uploaded files stored on disk or in R2), and cancels any active Stripe subscription. Collaborator records on other users' projects are removed via database cascade. This action is irreversible.
Right to data portability (Art. 20): Your data export (see above) is provided in machine-readable JSON format.
Right to object / withdraw consent (Art. 21 / Art. 7(3)): You can disable notification emails and the daily digest at any time in Settings → Notifications.
Right to restriction of processing (Art. 18): Contact us at support@visioncont.org to request processing restrictions while a complaint is being investigated.
Right to lodge a complaint: If you believe we have mishandled your data you have the right to lodge a complaint with your national supervisory authority (e.g. the ICO in the UK, CNIL in France, or your local DPA).

We will respond to data-subject requests within 30 days. We may ask you to verify your identity before fulfilling a request.

8. Storage Limits & Automated Enforcement

Each account has a storage limit based on your subscription plan (free accounts receive 10 GB). If you exceed your limit, the following automated process applies:

Your grace period begins the day you first exceed your limit.
On day 27 we send you a warning email with 3 days' notice.
On day 30, if you are still over your limit, we permanently delete your most recently-created projects one by one until you are within your limit. You receive an email listing the deleted projects.
If you bring your storage back under your limit at any point during the grace period, the process stops immediately and no data is deleted.

This processing is carried out under contract performance (our Terms of Service, §6). You are always notified before any automated deletion takes place.

GDPR note — automated decision-making (Art. 22): The deletion process described above is triggered automatically by a server-side job, but the decision is solely based on your storage usage vs. your plan limit — a simple numeric comparison with no profiling. The outcome (project deletion) follows directly from the Terms of Service you agreed to. You can prevent it at any time by upgrading your plan, deleting files, or deleting your account.

9. Cookies & Browser Storage

We use a single first-party session cookie (connect.sid) to keep you logged in. This cookie is:

HttpOnly: not accessible to JavaScript.
Secure: only transmitted over HTTPS in production.
SameSite=Lax: not sent on cross-site sub-resource requests.
Automatically expired after 24 hours of inactivity.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. No cookie consent banner is required for strictly-necessary session cookies under ePrivacy / PECR rules.

The desktop client stores your API token in the operating-system keychain (not a cookie).

10. Security

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it, including:

Passwords are never stored in plain text.
All data transmitted between your browser and our servers is encrypted in transit.
Requests that modify data require authentication and include protections against cross-site request forgery.
Sensitive credentials (such as API tokens) are stored in a form that cannot be reversed to the original value.
We apply rate limiting to login, password-reset, and email-sending endpoints to reduce abuse.
Database connections are encrypted in production.
You can control the visibility of your projects, files, and folders to limit public access.

No method of transmission or storage over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@visioncont.org.

11. Stripe Connect & Donations

Project owners can opt in to receive donations from other users via Stripe Connect. If you do so:

You complete Stripe's own KYC/identity-verification process directly on Stripe's platform — we never see the documents you submit to Stripe.
We store your Stripe Connect account ID and onboarding/payout-enabled status so we can route donations to you and display your payout status in your dashboard.
Donation records (project ID, donor ID, amount, optional message) are stored in our database and are visible to the project owner. Donor usernames are shown to the project owner in the donation log.
Stripe acts as a separate data controller for the identity and payout data you provide to them. Please review Stripe's Privacy Policy for details.

12. Client Review Requests

When you use the Client Review feature to share a file version with an external reviewer, we store the reviewer's email address and any feedback they submit. That email address is also saved to your personal address book within the service so you can easily re-use it in future. You can delete individual address-book entries from your profile at any time.

The reviewer's email is used solely to facilitate the review link; it is not used for marketing or shared with any third party.

13. International Data Transfers

We and our sub-processors (Stripe, Cloudflare) may process your data outside the EEA. Where this occurs we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms, to ensure adequate protection.

14. Children's Privacy

The service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete the account promptly.

15. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent revision. If we make material changes we will notify registered users by email before the changes take effect.

16. Contact

For any privacy-related questions, data-subject requests, or complaints:

Email: support@visioncont.org
Response time: within 30 calendar days