Your data,
your control.
This policy explains what information we collect, why, how we protect it, and the rights you have over it — whether you're in Europe, the United States, or anywhere else.
Data Controller
For the purposes of the EU General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and any other applicable privacy legislation, the data controller responsible for your personal data is:
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your rights, please contact us at the email address above.
Information We Collect
We collect the minimum amount of information necessary to operate and improve Viqus.ai. We categorize collected data as follows:
| Category | Data Points | Source |
|---|---|---|
| Identifiers | Email address (if you subscribe to our newsletter) | Directly from you |
| Internet Activity | IP address, browser type, operating system, referral URL, pages viewed, time on site | Automatically collected |
| Device Data | Device type, screen resolution, language preference | Automatically collected |
| Analytics | Aggregated usage patterns, click behavior (via Google Analytics, when consented) | Cookies & tracking pixels |
| Consent Records | Cookie preferences, timestamp, user agent | Consent management system |
Sensitive Personal Information: We do not collect sensitive personal information as defined by GDPR Article 9 or CCPA/CPRA (e.g., racial origin, health data, biometrics, precise geolocation, financial account details).
Data Not Obtained From You: We do not purchase, receive, or otherwise obtain personal data from third-party data brokers or social media platforms.
Purpose & Legal Basis for Processing
Under GDPR Article 6, every processing activity must have a lawful basis. Below is a breakdown of how we use your data and the legal basis under which we process it:
| Purpose | Legal Basis (GDPR) | Details |
|---|---|---|
| Delivering our website | Legitimate interest (Art. 6(1)(f)) | Serving pages, maintaining security, preventing abuse |
| Analytics & improvement | Consent (Art. 6(1)(a)) | Understanding usage patterns to improve content and UX. Only activated when you accept analytics cookies. |
| Newsletter delivery | Consent (Art. 6(1)(a)) | Sending weekly AI insights to the email you provide. You can unsubscribe at any time. |
| Cookie consent logging | Legal obligation (Art. 6(1)(c)) | Recording your consent choices as required by ePrivacy Directive and GDPR accountability principle. |
| Responding to your requests | Contract / pre-contractual steps (Art. 6(1)(b)) | Replying to contact form submissions and data rights requests. |
Where we rely on consent, you may withdraw it at any time through our Cookie Settings panel or by contacting us. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.
Cookies & Tracking Technologies
Our website uses cookies — small text files placed on your device — to facilitate basic functionality and, with your consent, to understand how visitors use the site. We categorize cookies as follows:
| Type | Purpose | Consent Required | Duration |
|---|---|---|---|
| Essential | Site functionality, security, consent preferences | No (strictly necessary) | Session / 1 year |
| Analytics | Google Analytics — anonymous usage data (pageviews, sessions, referrals) | Yes | Up to 14 months |
| Advertising | Personalized ads and remarketing via Google services | Yes | Variable |
| Personalization | Personalized content recommendations based on browsing behavior | Yes | Variable |
You can manage your cookie preferences at any time via the Cookie Settings link in the footer. You may also configure your browser to block or delete cookies, although this may affect site functionality.
We use Google Analytics with the following privacy safeguards: IP anonymization is enabled, data sharing with Google is minimized, and analytics cookies are only set after you give explicit consent through our consent management banner. We honor Do Not Track and Global Privacy Control browser signals.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We do not share your personal data with third parties for their own marketing purposes.
We share data only with the following categories of recipients, under strict contractual obligations:
- Google LLC — Analytics and advertising services (only if you consent to analytics/advertising cookies). Google acts as a data processor under our instructions. Google's Privacy Policy.
- Hosting provider — Infrastructure provider that stores our website files and processes HTTP requests. They process data as a sub-processor under a Data Processing Agreement (DPA).
- Email service provider — If you subscribe to our newsletter, your email address is processed by our mailing provider under a DPA.
Sale/Sharing of Personal Information (CCPA): Viqus has not sold or shared personal information of consumers in the preceding 12 months. We do not sell personal information as defined under the CCPA/CPRA.
International Data Transfers
Some of the third-party services we use (e.g., Google Analytics) may process data outside the European Economic Area (EEA). In such cases, we rely on the following safeguards to ensure an adequate level of protection as required by GDPR Chapter V:
- EU-US Data Privacy Framework: Where the recipient has been certified under the EU-US Data Privacy Framework (adequacy decision renewed by the European Commission on December 19, 2025).
- Standard Contractual Clauses (SCCs): Where no adequacy decision exists, we ensure the transfer is covered by the European Commission's approved Standard Contractual Clauses.
You may request a copy of the safeguards in place by contacting us at privacy@viqus.ai.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
| Data Type | Retention Period | Criteria |
|---|---|---|
| Analytics data | 14 months | Google Analytics default with IP anonymization |
| Newsletter email | Until unsubscription | Deleted within 30 days of unsubscribe request |
| Consent records | 3 years | Legal obligation to demonstrate proof of consent |
| Server logs | 90 days | Security and abuse prevention |
When retention periods expire, data is securely deleted or anonymized so it can no longer be linked to an individual.
Your Rights — EU/EEA Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR. We will respond to any request within 30 days (extendable by 60 days for complex requests) and free of charge.
Right of Access
Request a copy of the personal data we hold about you and information about how we process it (Art. 15).
Right to Rectification
Request correction of inaccurate or incomplete personal data (Art. 16).
Right to Erasure
Request deletion of your personal data when it is no longer necessary or if you withdraw consent (Art. 17).
Right to Restriction
Request we limit processing of your data in certain circumstances (Art. 18).
Right to Portability
Receive your data in a structured, machine-readable format and transmit it to another controller (Art. 20).
Right to Object
Object to processing based on legitimate interest, including profiling. We will cease processing unless we have compelling grounds (Art. 21).
Withdraw Consent
Where processing is based on consent, you can withdraw it at any time without affecting prior processing (Art. 7(3)).
Right to Lodge Complaint
File a complaint with your local Data Protection Authority if you believe your rights have been violated (Art. 77).
To exercise any of these rights, contact us at privacy@viqus.ai. We may verify your identity before processing the request.
Your Rights — US Residents (CCPA/CPRA)
If you are a California resident (or a resident of another US state with comparable privacy legislation), you have the following rights. We will respond within 45 days (extendable by 45 days) and free of charge, up to twice per 12-month period.
Right to Know
Request disclosure of the categories and specific pieces of personal information collected, the sources, the purposes, and the third parties with whom it was shared in the preceding 12 months.
Right to Delete
Request deletion of personal information we have collected from you, subject to certain legal exceptions.
Right to Correct
Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out
Opt out of the sale or sharing of personal information. Note: Viqus does not sell or share your personal information.
Right to Limit
Limit the use and disclosure of sensitive personal information. We do not collect sensitive PI as defined by CCPA/CPRA.
Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights — no denial of service, different pricing, or reduced quality.
To exercise your rights, email privacy@viqus.ai with the subject line "CCPA Request." We may verify your identity using information already associated with your account. You may also designate an authorized agent to make a request on your behalf.
Financial Incentives: We do not offer financial incentives in exchange for the collection, sale, or deletion of personal information.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: All connections to viqus.ai are secured via TLS/HTTPS.
- Encryption at rest: Database and backups are encrypted using industry-standard algorithms.
- Access controls: Personal data access is limited to authorized personnel on a need-to-know basis.
- Local AI processing: Content analysis is performed via Ollama running on our own infrastructure. Your reading patterns and intelligence footprint never leave our servers and are never sent to third-party AI providers.
- Incident response: In the event of a data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and affected individuals without undue delay when required by Article 34.
While no system is 100% secure, we continuously review and improve our security practices to protect your information.
Children's Privacy
Viqus.ai is not directed at children under the age of 16 (or under 13 for US residents). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@viqus.ai.
Do Not Track & Global Privacy Control
Viqus.ai respects browser-level privacy signals. When we detect a Do Not Track (DNT) or Global Privacy Control (GPC) signal, we treat it as a valid opt-out request:
- Analytics and advertising cookies will not be set.
- No personal data will be shared with third-party analytics providers.
- For California residents, a GPC signal is treated as a valid "Do Not Sell or Share" request under the CCPA/CPRA.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will update the "Last Updated" date at the top of this page.
- For material changes that affect how we process your data, we will provide a prominent notice on our website.
- Where required by law (e.g., if we introduce a new processing activity that requires consent), we will obtain fresh consent before processing.
We encourage you to review this policy periodically. This policy is reviewed and updated at least once every 12 months, in compliance with CCPA requirements.
Contact Us
If you have questions, concerns, or wish to exercise any of your privacy rights, you can reach us through the following channels:
EU/EEA Residents: If you are not satisfied with our response, you have the right to lodge a complaint with your national Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.
California Residents: You may also contact the California Privacy Protection Agency at cppa.ca.gov or the California Attorney General at oag.ca.gov.