Privacy Policy

Overview and scope

This Privacy Policy explains how Aspen Labs, LLC (“Vizzion,” “we,” “us,” or “our”) collects, uses, and shares information in connection with our websites at vizzion.io and app.vizzion.io, our customer dashboard, and the embeddable visualization widget that our business customers place on their own websites (together, the “Service”).

Vizzion serves two groups of people: the businesses that subscribe to Vizzion (“Customers”) and the visitors who use a Customer’s widget to preview a product or service on a photo they upload (“End Users”). This policy describes our practices for both. The next section explains an important distinction in our responsibilities.

Our role: service provider vs. controller

The widget is embedded on websites operated by our Customers (for example, a roofing, solar, landscaping, or auto-styling company). When an End User uploads a photo and submits an email through that widget, the Customer decides why the information is collected and how they will use it to follow up.

For that End-User information, the Customer acts as the party responsible for the data (a “controller” under laws such as the GDPR, or a “business” under U.S. state privacy laws), and Vizzion acts as their service provider or processor — we handle the information on the Customer’s behalf and under our agreement with them. As a result:

• If you are an End User and want to access, correct, or delete the information you submitted through a widget, the fastest route is usually to contact the business whose website you used. You may also contact us (see How to contact us) and we will assist, including by forwarding your request to the relevant Customer.
• We also act as a controller in our own right for certain information — for example, Customer account data, security and abuse-prevention data, aggregate analytics, and the operation and improvement of the Service.
• Customers are responsible for providing their own privacy notices to, and obtaining any required consents from, their End Users.

Information we collect

Information you provide

• Email address. End Users may be asked to enter an email address to receive or reveal a visualization. Customers provide an email address to create and sign in to an account.
• Photos and images. End Users upload a photo (for example, of a home, room, yard, vehicle, or boat) to generate a visualization. See Photos and images you upload.
• Selections. The product, material, color, or style options an End User chooses.
• Account and business details. For Customers: business or company name, brand assets such as a logo and brand color, a reply-to email address, and the materials or products you configure.
• Communications. If you contact us, complete a form, or request support, we collect the information you include (such as your name, email, industry, and message).

Information collected automatically

When you use the Service, we and our providers automatically collect:

• Device and usage data, such as your browser type and user-agent, the page on which the widget is displayed, and the referring page.
• A hashed IP address. We hash IP addresses with a secret value before storing them in connection with widget sessions; we do not store the raw IP address. (A raw IP address is necessarily transmitted to our infrastructure and security providers to deliver the Service and run the verification challenge.)
• Session identifiers stored in your browser’s session storage so the widget functions during a single visit.
• Product-analytics events describing how the widget is used (for example, that a photo was uploaded or a visualization was requested), and limited file metadata such as a file’s size and name.

Information we do not request

The widget does not request your name, phone number, or postal address, and it has no field for them. Please do not enter sensitive personal information into the email field. Note that a photo you choose to upload may itself reveal information — see the next section.

Photos and images you upload

Photos are central to the Service, so they deserve special attention.

• What we do with them. We store the photo you upload, process it to create your visualization (see How visualizations are generated), store the resulting visualization, and — where applicable — email the result to the address you provide.
• Images may depict people or property. A photo of a home, yard, room, vehicle, or boat may reveal information about a property or its location, and a photo may include people. You should upload a photo only if you are permitted to do so. Some Customers use the widget for body-related previews; you must be 18+ and should upload a photo only of yourself or of someone who has agreed.
• Photo metadata. Image files can contain embedded metadata (for example, the date, device, or location where the photo was taken). We do not use this metadata to identify you, and the copy of your image used to generate the visualization is re-encoded in a way that typically removes it. If you prefer not to share metadata, you can remove it before uploading.
• Retention. Uploaded photos and generated previews are kept only for a limited time — see How long we keep information.

How we use information

We use information to:

• Provide the Service — process your photo, generate and deliver your visualization, and operate the widget and dashboard.
• Route and manage leads on behalf of the Customer whose widget you used.
• Communicate with you — send your visualization, respond to inquiries, and send Customers service and account messages.
• Maintain security and prevent abuse — including rate-limiting, bot detection, and investigating misuse.
• Measure and improve the Service — understand aggregate usage, fix problems, and develop features.
• Comply with law — meet legal obligations and enforce our Terms of Service.

We do not sell your personal information. We use your photos only to generate your visualization and operate the Service — for example, we do not use your photos to build or train unrelated products. Some processing is carried out by trusted service providers acting on our behalf (see How we share information).

How visualizations are generated

Your visualization is created using automated image-processing technology. When you submit a photo, it is processed together with the options you selected to produce an edited image that previews the product or service. Some of this processing may be performed with the help of trusted service providers acting on our behalf.

How we share information

We share information only as described here. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

• With the Customer whose widget you used. End-User submissions (such as email, selections, and the generated visualization) are made available to that business in their dashboard so they can follow up with you.
• With service providers (subprocessors). We use trusted vendors to run the Service. They may process personal information only to provide services to us and are bound by confidentiality and data-protection obligations.
• For legal and safety reasons. To comply with law, enforce our agreements, or protect the rights, safety, and security of Vizzion, our users, or the public.
• In a business transfer. If Vizzion is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
• With your direction or consent. When you ask us to share information or otherwise agree.

We work with the following categories of service providers, which may be located in the United States or elsewhere:

We choose providers that agree to protect personal information and to use it only to provide services to us. Business customers who need a specific list of the providers we use can request one, under a data processing addendum, at trey@vizzion.io.

Cookies and similar technologies

The embedded widget

The widget uses your browser’s session storage to hold a temporary session identifier so it can function during your visit. It does not set advertising cookies, and its requests to our servers are made without cookies. If a verification challenge is shown to prevent abuse, our security provider may set its own cookies or storage governed by its policies.

Our websites and dashboard

On vizzion.io we use a small number of cookies and similar technologies, including a third-party product-analytics tool that helps us understand aggregate usage, and — in the Customer dashboard — strictly necessary cookies to keep you signed in and remember preferences.

Your choices

Most browsers let you block or delete cookies and clear session storage. Some browsers offer a Global Privacy Control (GPC) signal; where required, we treat a GPC signal as a request to opt out of any “sale” or “sharing” as those terms are defined by applicable law (note that we do not sell or share personal information for advertising).

How long we keep information

We keep personal information only as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law.

• Uploaded photos are retained for up to 30 days and then deleted from active storage.
• Generated visualizations and shareable preview links are retained for approximately 7 days; preview links expire and stop working after that period.
• Lead and account records are retained for as long as the relevant Customer maintains their account or as needed to provide the Service, after which they are deleted or de-identified. Customers can delete leads from their dashboard.
• Backups and logs may persist for a limited additional period before being overwritten.

You can ask us to delete information sooner — see Your privacy rights and choices.

How we protect information

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, private storage for uploaded photos and generated images (served only through time-limited links), hashing of IP addresses, and abuse-prevention controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your privacy rights and choices

Depending on where you live, you may have the right to:

• access the personal information we hold about you;
• correct inaccurate information;
• delete your information;
• receive a copy in a portable format;
• opt out of the “sale” or “sharing” of personal information or certain profiling (we do not sell or share personal information);
• withdraw consent where processing is based on consent; and
• not be discriminated against for exercising your rights.

How to exercise your rights

End Users: because the business that operates the widget is usually responsible for your submission, contact that business first; you may also email us at trey@vizzion.io and we will assist and coordinate with the Customer. Customers and website visitors: email trey@vizzion.io. We will verify your request (for example, by confirming control of the email address involved) before acting, and we will respond within the time required by applicable law. You may use an authorized agent where the law permits.

U.S. state privacy rights

If you are a resident of California or another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others), you have the rights described above, subject to certain exceptions.

• Categories we collect: identifiers (such as email and hashed IP), internet or network activity (such as usage events and the referring page), visual information (the photos you upload and the visualizations generated), and, when you provide them, your communications and account details.
• Sources, purposes, and disclosures are described in Information we collect, How we use information, and How we share information.
• Sale or sharing: we do not sell personal information and do not share it for cross-context behavioral advertising.
• Sensitive information: a photo that depicts a person may, in some cases, be treated as sensitive personal information; we use it only to provide the visualization you requested and do not use it to infer characteristics about you.
• Appeals: if we deny your request, you may appeal by replying to our decision. You may also contact your state attorney general with concerns.

California “Shine the Light”: you may request information about disclosures of personal information to third parties for their own direct marketing. We do not make such disclosures.

Users in the EEA, United Kingdom, and Switzerland

Where the GDPR or UK GDPR applies:

• Controller and processor. For information submitted through a Customer’s widget, the Customer is typically the controller and Vizzion is the processor (see Our role). For our own websites and accounts, Vizzion is the controller.
• Legal bases. We rely on performance of a contract (to provide the Service you request); legitimate interests (to secure, operate, measure, and improve the Service, balanced against your rights); consent (where required, such as certain cookies — you may withdraw it at any time); and compliance with legal obligations.
• Additional rights. You may object to or restrict certain processing and lodge a complaint with your local supervisory authority.
• Transfers. We are based in the United States and use providers there; see International data transfers.

International data transfers

We operate in the United States, and our service providers are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries, which may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for these transfers. Contact us for more information.

Children’s privacy

The Service is intended for adults and is not directed to children. We do not knowingly collect personal information from children under 13 (or the minimum age required in your jurisdiction). You must be at least 18 years old to upload a photo, particularly a photo that depicts a person. If you believe a child has provided us personal information, contact us at trey@vizzion.io and we will take appropriate steps to delete it.

Third-party websites and businesses

The widget appears on websites operated by our Customers, and visualizations may be emailed or shared as links. Those Customer websites, and any other third-party sites or services you reach through links, have their own privacy practices that we do not control. We encourage you to review the privacy notice of the business whose widget you used and of any website you visit.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, provide additional notice. Your continued use of the Service after an update takes effect means you accept the revised policy.

How to contact us

If you have questions or requests regarding this Privacy Policy or your personal information, contact us:

• Email: trey@vizzion.io
• Or use the contact form at our website

We will respond as required by applicable law. If you are an End User, remember that the business operating the widget you used may also be able to help with your request.