Vizuna app iconVizuna
Sign in

Legal

Security Overview

Last Updated: 2026-04-23

A short, procurement-friendly overview of how Vizuna protects user data, controls access, and handles security operations.

On this page

1. High-level posture

Vizuna is designed to be privacy-first. Reflections may include sensitive workplace context, so the product is built to minimise exposure, avoid attribution, and limit what organisations can access.

2. Data access and privacy boundaries

  • Individual reflections and free-form feedback are not provided to organisations as raw text.
  • Where organisation-level reporting exists, it is designed to be anonymised and aggregated.
  • VizunaAI outputs are intended to be pattern-based and should not reveal who said what.
  • Recipient-level outreach tracking records, where used for Vizuna's own cold-email operations, are restricted to internal roles that need them for business development or customer-facing work and are not exposed to customer organisations.

3. Account and authentication

  • Vizuna uses authenticated sessions to control access to user data.
  • Sensitive actions such as account deletion and data export require additional confirmation or re-authentication flows.

4. Logging and operational safety

Vizuna treats free-form reflection text and VizunaAI chat content as sensitive. Operational logging is designed to avoid storing:

  • Reflection text
  • VizunaAI chat transcripts
  • Tokens and credentials
  • Device tokens and notification bodies

5. Operational tooling

Vizuna does not use a dedicated error-tracking vendor (such as Sentry or Datadog). The operational tooling that may process limited, non-personal metadata includes:

  • Plausible Analytics — cookie-free, privacy-focused web analytics on the public marketing site. Collects aggregate page views, referral sources, and country-level location. Does not collect personal data or track individuals across sites.
  • Vercel Speed Insights — lightweight web performance telemetry (page load times, core web vitals). Does not collect personal content.
  • First-party product analytics (Vizuna behavior telemetry) — Vizuna operates its own pseudonymous product analytics pipeline that records page views, clicked element descriptors, click coordinates, scroll depth, viewport dimensions, and session duration across the marketing site and customer portal. Internal /admin pages are intentionally excluded from this dataset. It uses a long-lived visitor_id in localStorage, a session-scoped session_id in sessionStorage, and a localStorage opt-out flag (vizuna_tracking_optout). A legacy anonymous_id remains only during the 90-day transition window. It does not log IP address or user-agent, does not collect reflection text or VizunaAI content, and events are not joined to authenticated user IDs. Events are ingested via a first-party endpoint (/api/track), stored in Supabase Postgres, and automatically deleted after 90 days. Access to the resulting dashboards is restricted to internal admin, csm, and sales roles. See the Cookie Policy and Privacy Policy for user-facing details and opt-out instructions.
  • Vizuna outreach-link tracking — internal cold-email reporting currently records tracked link clicks server-side. We do not currently use an outreach attribution cookie or downstream browsing attribution for this flow.

6. Incident response

Vizuna maintains an internal incident response playbook and escalation process for security and privacy incidents.

7. Compliance targets

Vizuna aims to align with GDPR-style privacy principles globally and to support enterprise procurement needs (including SOC 2 readiness over time). Any formal certifications (for example, "SOC 2 Type II certified") should only be claimed once completed and verified.

8. Contact

For security questions or to request additional security documentation, please contact us at support@vizuna.com.

← Back to LegalBack to top