Skip to content
Vivd Docs

Privacy Policy

Last updated: May 24, 2026

This Privacy Policy explains how Vivd Solutions (“Vivd”, “we”, “us”) processes personal data when you visit our public website or docs, request access, contact us, use hosted Vivd, work in Studio, configure plugins, or publish a website through Vivd.

Controller

Vivd Solutions
Dweerblöcken 4
22393 Hamburg
Germany

Email: hello@vivd.studio

What data we process

Depending on how you use Vivd, we may process:

  • contact data, such as name, email address, organization, and messages you send us
  • account and organization data, such as login details, role, invitations, membership, settings, and support context
  • project data, such as prompts, uploaded assets, generated or edited website content, project files, versions, plugin configuration, domain settings, publish status, and audit history
  • technical data, such as IP address, browser, device, operating system, timestamps, request URLs, referrers, logs, diagnostics, security events, and error reports
  • usage data, such as product actions, feature usage, credits or usage counters, checklist state, support interactions, and administrative activity
  • published-site delivery data, such as public URL, domain, deployment metadata, plugin events, and technical request logs needed to serve and protect published sites
  • billing data, if paid plans, credits, invoices, or checkout are introduced or agreed separately

Why we process data

We process personal data to:

  • provide, operate, secure, and improve Vivd
  • create and manage accounts, organizations, projects, versions, plugins, and published sites
  • run Studio and AI-assisted editing workflows
  • prepare, publish, unpublish, and serve websites
  • respond to access requests, support requests, legal requests, and abuse reports
  • send transactional emails, security notices, product notices, and service communications
  • prevent abuse, spam, fraud, security incidents, and unlawful use
  • maintain logs, backups, audit records, and operational reliability
  • comply with legal obligations
  • prepare or process billing if paid services are introduced or agreed separately

Where the GDPR applies, we rely on the following legal bases:

  • performance of a contract or pre-contractual steps, where processing is needed to provide Vivd or respond to your request
  • legitimate interests, including service operation, security, abuse prevention, support, product improvement, and business administration
  • consent, where we ask for it, such as optional analytics, non-essential cookies, or certain marketing communications
  • legal obligations, where we must keep records, respond to lawful requests, or comply with applicable law

AI workflows

When you use AI features, prompts, project context, files, screenshots, assets, instructions, and generated output may be processed to produce or improve the requested result. Depending on the configured model provider and deployment, this processing may involve external AI model providers or hosted inference infrastructure.

Do not submit personal data, confidential data, regulated data, or third-party material to AI workflows unless you have the right to do so and the use is appropriate for your project.

Published websites and plugins

If you publish a website through Vivd, you are responsible for the privacy notice, cookie choices, form notices, analytics setup, legal basis, and visitor-facing compliance of that website.

Vivd may process technical data required to build, deploy, route, serve, monitor, secure, or unpublish the site. Plugins may process additional data depending on their function, such as contact-form submissions, newsletter signups, analytics events, or table-booking requests.

If Vivd processes personal data on your behalf for hosted projects or plugins, a data processing agreement may be required. Contact us if your use case needs one.

Cookies and analytics

Vivd may use cookies, local storage, session storage, or similar technologies for authentication, security, preferences, consent choices, product operation, and diagnostics.

Optional analytics or marketing technologies should only be loaded after consent where consent is required. Published customer sites may have their own cookie and analytics setup controlled by the site owner.

Recipients and processors

We may share personal data with service providers where needed to operate Vivd, including infrastructure, hosting, storage, CDN, email delivery, analytics, observability, security, AI model processing, Git/repository integrations, support tooling, and payment processing if payments are introduced.

We may also disclose data if required by law, to protect rights and safety, to investigate abuse or security incidents, or in connection with a business transfer.

Some providers may process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

Retention

We keep personal data only as long as needed for the purposes described above, including service operation, account management, project history, security, backups, legal obligations, dispute handling, and legitimate business records.

You may request deletion of your account or certain data, subject to legal, security, backup, operational, and contractual retention requirements.

Your rights

Where the GDPR applies, you may have the right to request access, correction, deletion, restriction, portability, and objection to processing. Where processing is based on consent, you may withdraw consent at any time with effect for the future.

You may also lodge a complaint with a data protection supervisory authority. For Hamburg, the supervisory authority is Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit.

Contact

For privacy questions or rights requests, contact hello@vivd.studio.