1. Information We Collect
1.1 Information You Provide
- Account information: Your name, email address, username, and password when you register
- Profile and group data: Organization name, group settings, member roles, and preferences you configure in your workspace
- Content: Text, images, files, and other media you upload or create within your collections and sites
- Billing information: Payment method details processed securely through Stripe; we do not store raw card numbers on our servers
- Support communications: Messages you send to us when requesting help
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, actions performed within your workspace, and session duration
- Audit logs: A record of significant actions (content changes, member invitations, integration updates) taken within your group workspace, retained for the period defined by your subscription tier
- Device and browser information: IP address, browser type and version, operating system, and device identifiers
- Cookies and similar technologies: Session cookies for authentication, preference cookies, and security tokens. See Section 6 for details.
- Error and performance data: Crash reports and performance metrics collected through Sentry to help us identify and fix issues
1.3 Information from Third-Party Services
When you connect third-party integrations (Stripe, X/Twitter, Instagram, LinkedIn, Facebook, TikTok), we receive data from those platforms as authorized by your OAuth or API key connection, including profile identifiers, content metadata, and engagement data needed to power those features. This data is processed on your behalf and is not used for advertising or sold to third parties.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Vivreal platform and Services
- Authenticate your identity and secure your account
- Process billing, calculate overage charges, and send invoices
- Enforce quota limits and manage subscription tiers (CDN bandwidth, API calls, AI Agent Actions, version history, audit retention)
- Send transactional emails (account verification, password resets, billing receipts)
- Send product updates and announcements where you have consented or where permitted by law
- Monitor and enforce our Terms and Conditions and acceptable use policies
- Diagnose errors, monitor performance, and maintain platform security
- Comply with legal obligations
We do not sell your personal information or use it to serve third-party advertisements.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:
3.1 Service Providers
We share data with trusted third-party vendors who help us operate the Services:
- Amazon Web Services (AWS): Cloud infrastructure, storage (S3), serverless compute (Lambda), and identity management (Cognito)
- Stripe: Payment processing and subscription management
- Sentry: Error monitoring and performance tracking
- MongoDB: Database infrastructure for workspace data (multi-tenant, each group isolated in its own database)
3.2 Within Your Workspace
Workspace members can see content, audit logs, and activity within the group according to their assigned role (owner, admin, member). Group owners and admins control member access.
3.3 Legal Requirements
We may disclose information if required by law, regulation, court order, or other governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Hill Bomb Creations, our users, or the public.
4. Data Retention
We retain your account and workspace data for as long as your account is active. Specific retention periods for platform features are governed by your subscription tier:
- Content versions: Retained up to the maximum version count defined by your tier; older versions are pruned automatically
- Audit logs: Retained for the number of days defined by your tier’s audit retention quota
- Account data after cancellation: Retained for 30 days after account closure, then permanently deleted
- Billing records: Retained for 7 years as required by financial regulations
You may request deletion of your account and associated data at any time. See Section 7 for your rights.
5. Data Security
We implement technical and organizational measures to protect your information, including:
- TLS encryption for all data in transit
- AWS-managed encryption for data at rest
- JWT-based authentication with short-lived session tokens
- CSRF protection (double-submit cookie pattern) on all state-changing operations
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Support for hardware security key authentication via WebAuthn
- Role-based access control within group workspaces
While we take security seriously, no system is completely secure. We encourage you to use strong, unique passwords and enable hardware key authentication where available.
6. Cookies and Tracking
We use the following types of cookies and tokens:
- Authentication cookies (token, active_ctx): Required for you to stay logged in and to identify your active group context. These are HTTP-only, secure, and essential to the Services.
- CSRF tokens: Short-lived tokens used to prevent cross-site request forgery on state-changing operations.
- Onboarding state: A cookie that tracks whether you have completed the initial setup flow.
We do not use advertising cookies or sell cookie data to third parties. Essential cookies cannot be disabled as they are required for the Services to function.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
- Portability: Request an export of your content data in a portable format
- Objection / Restriction: Object to certain processing or request that we restrict processing of your data in certain circumstances
- Withdraw consent: Where we rely on consent to process your data, you may withdraw that consent at any time
To exercise any of these rights, contact us at hello@vivreal.io. We will respond within 30 days. You may also close your account directly from your account settings.
8. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. International Data Transfers
The Services are operated from the United States. If you are accessing Vivreal from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Services, you consent to such transfers. We take steps to ensure appropriate safeguards are in place where required by applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, sending you an email notice. We encourage you to review this policy periodically. Your continued use of the Services after the effective date of changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
Hill Bomb Creations
Vivreal Privacy Team
hello@vivreal.io