Privacy Policy
Last updated: April 25, 2026
1. Introduction
VisualBI.ai ("we", "our", or "us") operates the visualbi.ai website and the VisualBI.AI Power BI custom visual. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
2. Information We Collect
- Account Information: Name, email address, and password when you register. If you use OAuth (Google, Microsoft), we receive your name, email, and profile picture from the provider.
- Billing Information: Payment details are processed by our payment provider (Stripe). We do not store full credit card numbers on our servers. We store your Stripe customer ID for subscription management.
- Usage Data: We collect anonymized usage metrics such as export counts, feature usage, and session duration to improve our product.
- License Validation Data: When the custom visual validates a license, we receive the license key and anonymized tenant/user identifiers. No personal data or report content is transmitted.
- Cookies & Local Storage: We use cookies and browser local storage for session management, authentication tokens, and user preferences (theme, language).
- Device & Session Data: We collect IP addresses and user-agent strings to manage active sessions and detect unauthorized access.
3. How We Use Your Information
- Provide, operate, and maintain our services.
- Process transactions, manage subscriptions, and track export credits.
- Validate license keys and enforce usage limits.
- Send transactional emails (e.g., welcome emails, password reset, subscription confirmations, billing alerts).
- Verify your email address for account security.
- Improve our product based on aggregated, anonymized usage patterns.
- Prevent fraud, abuse, and enforce our Terms of Service.
4. Data Sharing & Third Parties
We do not sell your personal data. We share information only with:
- Stripe: Processes payments, manages subscriptions, and issues invoices on our behalf.
- Resend: Handles transactional email delivery (welcome, password reset, verification emails).
- Cloudflare R2: Stores uploaded media assets (project thumbnails, avatars). Files are served via Cloudflare's CDN.
- Google & Microsoft: If you authenticate via OAuth, these providers share your basic profile information with us per their privacy policies.
- Cloud Infrastructure: Our services are hosted on secure cloud infrastructure providers (Railway).
- Microsoft AppSource: If you purchase a license via AppSource, Microsoft manages the transaction and license provisioning.
5. Cookies & Tracking
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
- Preference Cookies: Store your theme, language, and display preferences in localStorage.
- Analytics Cookies: We may use analytics services to understand usage patterns. You can opt out of analytics tracking via cookie preferences.
You can manage cookie preferences through the cookie consent banner displayed on first visit.
6. Data Retention
We retain your account data for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Anonymized usage data may be retained for analytics purposes. Billing records are retained as required by applicable financial regulations.
7. Security
We implement industry-standard security measures, including encrypted communications (TLS/HTTPS), secure password hashing (bcrypt), rate limiting, JWT-based authentication with refresh token rotation, session management with device limits, and regular security reviews.
8. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Deletion: Request deletion of your account and personal data. You can delete your account from Settings.
- Export: Export your projects and data in standard formats (.pbip, JSON).
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing of your data for specific purposes.
- Withdraw Consent: Withdraw consent for optional data processing at any time.
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
9. International Data Transfers
Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
10. Children's Privacy
Our Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and posted on this page with an updated revision date. Continued use after changes constitutes acceptance.
12. Contact
For privacy-related inquiries, contact us at [email protected].