VI Engine

Legal

Privacy Policy

Effective: April 13, 2026

This page describes the current, verified Vi-Engine implementation in plain language. We keep it evidence-based and update it when the product changes, rather than making broad claims that the app does not currently support.

What we collect to run the service

  • Account and workspace details you provide, such as email address, profile information, workspace name, and team membership.
  • Content and media you create or upload so Vi-Engine can draft, schedule, publish, and review your work.
  • Connected-platform authorization results when you link a social account through an official authorization-code flow.
  • Browser-side session and workspace state needed for sign-in, billing snapshots, onboarding state, and internal FounderSpace access.

How browser sessions currently work

Customer authentication currently uses a short-lived access token together with a refresh token. The frontend stores both values in localStorage.

To let Next.js middleware protect customer routes before the app hydrates, the frontend also mirrors the current access token into a first-party vi_access_token cookie.

FounderSpace uses a separate internal auth flow. Its internal auth value is stored in sessionStorage and does not reuse the customer dashboard login state.

Connected social accounts

Vi-Engine connects social accounts through official OAuth 2.0 authorization-code flows. We do not ask you to type your social platform passwords into the Vi-Engine app.

Platform credentials returned by those flows are stored on the backend in encrypted form using AES-256-GCM and are used only for the actions you authorize, such as publishing, analytics sync, or account status checks.

Retention and deletion

  • AI prompt and response logs are purged after 30 days.
  • Soft-deleted gallery media is permanently removed after a 30-day grace window.
  • Older published-content records may be anonymized after 180 days while non-identifying aggregate learnings remain.
  • Workspace-specific campaign learnings stay isolated to the correct workspace and are not described as cross-workspace learning.

When data is shared with third parties

Data is shared with third-party services only when the feature requires it — for example, when you use an official social-platform connection, complete billing checkout, or invoke an AI provider through the product.

Different providers apply their own terms and privacy notices while you are on their domains or using their APIs.

Contact

For privacy questions or data requests, contact privacy@viengine.social.