Privacy Policy
Last Updated: December 27, 2025
1. Data Controller
The data controller responsible for your personal information is:
Kevin Mark Lock, Digeager 14, 2640 Hedehusene, Denmark. Email: kevin.lock03@gmail.com
2. Information We Collect
We collect and process the following data to provide the VivaLeX service:
- Identity Data: Your email address and unique User ID (managed via Google Authentication and Supabase).
- Document Data: We store the PDF documents you upload to allow for cross-session access. To ensure maximum security, files are encrypted at rest using a unique key derived for each file (HKDF/AES-256).
- Metadata: We store technical metadata such as file names, reading progress, and last-accessed timestamps.
- Payment Data: Transaction history and subscription status (processed securely by Stripe; we do not store full credit card numbers).
3. Third-Party Sub-processors
To provide our AI and TTS services, we utilize specialized third-party infrastructure. We have entered into data processing agreements with these providers to ensure your data is protected.
- Cloud Infrastructure: Supabase (Database/Auth/Storage) and Vercel (Hosting).
- Visual Analysis: Specialized OCR providers for extracting text from images. We have configured these services to ensure your images are not used for model training.
- Language Models: Advanced AI providers (e.g., Google Cloud) for text structure analysis. We utilize paid commercial tiers which guarantee that your data is not used to train global AI models.
- Cloud Computation: High-performance GPU infrastructure providers (e.g., Modal Labs) for real-time voice synthesis. Data processed here is transient (volatile memory) and is not persisted.
- Payments: Stripe for payment processing.
4. Data Residency & Transfers
Our primary databases and storage are hosted on servers within the European Union (EU).
However, to utilize specific AI technologies, some data processing (specifically OCR and AI analysis) occurs on secure servers in the United States. We ensure that these transfers are lawful under the GDPR by verifying that our providers adhere to the EU-U.S. Data Privacy Framework or utilize Standard Contractual Clauses (SCCs) to guarantee an equivalent level of protection.
5. Data Retention & Deletion
We practice data minimization:
- User Control: You may utilize the “Delete All Files” function in the Settings menu at any time. This performs a hard delete, permanently removing the files from our storage buckets and scrubbing all associated metadata from our database.
- Auto-Deletion: To maintain hygiene and privacy, we reserve the right to automatically delete data from accounts that have been inactive for more than 12 months.
- Transient Processing: Data sent to our AI and GPU partners is processed in real-time and is not retained by those providers after the response is generated.
6. Security
We employ strong technical measures to protect your data. All documents are encrypted at rest using industry-standard AES-256-GCM encryption. All data transmission between your browser and our servers is protected via SSL/TLS.
7. Cookies & Local Storage
We utilize “strictly necessary” cookies and local storage to ensure the website functions correctly. These are exempt from the requirement of user consent under the Danish Cookie Order (Cookiebekendtgørelsen).
- Authentication: We use secure tokens (via Supabase) stored in your browser to keep you logged in.
- Security: Our payment processor (Stripe) may use cookies to detect fraud during checkout.
- No Tracking: We do not use third-party analytics cookies (such as Google Analytics) or marketing pixels. We do not track your behavior across other websites.
8. Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- The right to access the personal data we hold about you.
- The right to request the rectification of incorrect data.
- The right to request the deletion of your data (“Right to be forgotten”).
- The right to data portability.
To exercise these rights, please contact us at kevin.lock03@gmail.com. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) if you believe your data is being processed incorrectly.