Legal

Privacy Policy

Last updated: June 16, 2026

Effective date: June 16, 2026

Vi Project Manager ("Vi", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and what rights you have regarding your personal information.

1. Data We Collect & Why

Account Data

  • Email address and display name — used to identify you, authenticate your account, and send important service communications.
  • Password (stored as a one-way hash; we never store plaintext passwords).
  • Tenant/workspace configuration data.

Project & Task Content

  • Projects, tasks, comments, attachments, time entries, custom fields, and all content you create inside Vi.
  • This data belongs to you. We store it solely to deliver the Service.

Usage Logs

  • Activity logs (who changed what, when) — used for audit trails, support, and security.
  • API request logs (endpoint, timestamp, IP address) — retained for a rolling 30-day window for security and debugging.
  • Error and crash reports — used to diagnose and fix issues.

Payment Data

  • Payment is processed entirely by Paddle.com. Vi does not store credit card numbers, bank details, or full billing addresses.
  • We receive from Paddle: your subscription plan, billing status, renewal dates, and a Paddle customer ID.

Notification Preferences

  • Your Telegram user ID and/or webhook URL if you choose to configure those notification channels.

2. Sub-Processors

We share your data with the following trusted third-party sub-processors only to the extent necessary to provide the Service. Each is bound by data processing agreements and their own privacy commitments.

Service Purpose Data Shared Privacy
Paddle.com Payment processing & invoicing (Merchant of Record) Email, billing plan, subscription events paddle.com/legal/privacy
Brevo / SMTP
(transactional email)		 Sending email notifications, password resets, and invitations Recipient email address, notification content brevo.com privacy policy
Telegram
(optional)		 Sending optional Telegram notifications when configured by the user Your Telegram user ID, notification content (task names, status updates) telegram.org/privacy
Anthropic
(AI features)		 Powering AI-assisted features: Generate Task Draft, Translate Text Task text you submit to AI features. See Section 7 for details. anthropic.com/privacy
OpenAI
(AI features, if applicable)		 Powering AI-assisted features (used as an alternative or supplement to Anthropic) Task text you submit to AI features. See Section 7 for details. openai.com/privacy

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

3. Cookies & Local Storage

Vi uses a minimal number of cookies and browser storage items:

  • vi_token — An HTTP-only authentication cookie containing your JWT session token (signed with ES256). This cookie is required to use the Service. It expires when you log out or after your session period, whichever comes first.
  • theme (localStorage) — Stores your light/dark theme preference. Contains no personal data.
  • lang (localStorage) — Stores your language preference (en/fa). Contains no personal data.

We do not use third-party advertising cookies. We use Google Analytics (anonymized) to understand aggregate page traffic on our public marketing pages.

4. Data Retention & Security

Retention

  • Account and project data is retained for as long as your account is active.
  • After account deletion, we remove your personal data and content within 30 days, except where retention is required by law (e.g. financial records required by Paddle/tax authorities).
  • API request logs are retained for a rolling 30-day window and then automatically purged.

Security Measures

  • All data is transmitted over HTTPS/TLS.
  • Authentication uses JWT tokens signed with ES256 (elliptic curve).
  • Multi-tenant isolation: each workspace's data is scoped by tenant ID at the database level.
  • Passwords are stored as one-way cryptographic hashes.
  • File attachments are stored with access controls enforced at the application layer.

Despite our best efforts, no security measure is perfect. If you discover a security vulnerability, please report it responsibly to support@useviapp.com.

5. International Data Transfers

Vi's servers are located in Turkey (Istanbul).

When you use AI features (see Section 7), your task text is transmitted to Anthropic and/or OpenAI, which are processed in the United States. By using AI features, you consent to this transfer.

For users in the European Economic Area (EEA) or United Kingdom: Vi is operated from Turkey, a country outside the EEA. When you use the Service, your data may be transferred to and processed in Turkey. We take appropriate contractual and technical measures to protect your data in accordance with applicable law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users globally, consistent with GDPR principles:

  • Access. You can request a copy of the personal data we hold about you. Much of your project and task data is directly exportable from within Vi.
  • Rectification. You can update your account information (name, email) directly in Account Settings.
  • Erasure (Right to be Forgotten). You can delete your account from Account Settings. This triggers deletion of your personal data and content within 30 days.
  • Data Portability. You can export your tasks and projects in CSV format from within Vi.
  • Restriction & Objection. You may object to certain processing or request we restrict processing while a complaint is pending.
  • Withdraw Consent. Where processing is based on consent (e.g. Telegram notifications), you can withdraw at any time from Notification Settings.

To exercise any right, contact us at support@useviapp.com. We will respond within 30 days. If you are located in the EEA, you also have the right to lodge a complaint with your local data protection authority.

7. AI Features & Third-Party AI Providers

Transparency notice: When you use Vi's AI features (Generate Task Draft, Translate Text), the text content you provide is sent to a third-party AI provider (Anthropic and/or OpenAI). Source code, file attachments, and data from other tasks are never sent. Only the specific text you actively submit via the AI feature is transmitted.

Specifically:

  • Generate Task Draft: The raw text you type in the prompt field is sent to the AI provider. The AI returns a suggested task title and description.
  • Translate Text: The task description text you select for translation is sent to the AI provider. The translated text is returned and displayed to you.

AI features are optional and only activated when you click the relevant AI button. They are available on Pro and Business plans. Your usage is tracked for billing purposes (token quota per seat per month).

We recommend that you do not include sensitive personal information (passwords, credit card numbers, government IDs) in task descriptions you intend to submit to AI features.

AI providers may have their own data retention and usage policies. Please review Anthropic's Privacy Policy and OpenAI's Privacy Policy for details.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice in the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Data Controller & Contact

The data controller responsible for your personal data is:

Vi Project Manager, operated by Cevahir Soft
Istanbul, Turkey

For privacy-related questions or data subject requests: