Privacy Policy

Viso.li is the Data Controller responsible for your personal data.

For full legal details about our company entity, please refer to our Impressum (Legal Notice).

Contact us at:

Email: support@granitecode.io
Website: https://viso.li

We collect data from two distinct groups of users:

A. Registered Users (Account Holders)

If you create an account and log in to our platform, we collect:

• Your email address
• Account plan information
• Billing details (processed by our payment provider)
• Session cookie for authentication (see Section 7)

B. Link Visitors (Redirects)

When someone clicks on a shortened Viso.li link, we process certain technical datatransiently (on-the-fly) to provide the service and analytics.

This includes:

• Timestamp of access
• IP Address (anonymized immediately and NOT stored)
• User-Agent (Device type, Browser, OS)
• Referrer URL (where the link was clicked)
• Approximate geographic location (derived from IP before anonymization: Country, City)

Important for Visitors Worldwide: We do not store your IP address. The IP address is briefly processed in memory to determine your approximate location (e.g., "Berlin, Germany" or "New York, USA") and to check for abuse (spam/DDOS), and is then immediately discarded. We do not create persistent user profiles of link visitors.

We use collected data to:

• Provide link redirection, tracking, and analytics to our customers (Link Creators)
• Enable login sessions and manage user accounts
• Improve performance and usability of our Service
• Detect and prevent abuse (e.g., spam, phishing, or fraudulent traffic)

We do not use collected data for marketing, profiling, or advertising purposes.

We rely on the following legal bases under the GDPR (DSGVO) and equivalent international frameworks:

• Contract Performance (Art. 6(1)(b) GDPR): For registered users, to manage account access and provide the paid or free link shortening features.
• Legitimate Interest (Art. 6(1)(f) GDPR): For Link Visitors, our legitimate interest is to provide functional link redirection, generateaggregated and de-identified usage statistics for our customers (the link creators), and ensure the security and stability of our system (prevention of abuse). This analytics data cannot reasonably be used to identify an individual, and we do not store personal identifiers such as IP addresses.
• Consent (Art. 6(1)(a) GDPR): Where explicitly required (e.g., for optional cookies, though we currently do not use optional tracking cookies).

We believe in equal privacy rights for all users, regardless of where they live. Therefore, we extend the following GDPR-level rights to all users globally:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (e.g., deleting your account).
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• Right to Restrict Processing: Suspend processing of your data.
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country or state of residence if you believe we have violated data protection laws.

United States (CCPA/CPRA & Others)

• Do Not Sell or Share My Personal Information: We do not sell your personal data. We do not share your personal data for cross-context behavioral advertising.
• Sensitive Personal Information: We do not collect sensitive personal information (such as SSN, health data, or biometrics) from link visitors.
• Global Privacy Control (GPC) / Do Not Track (DNT): We respect browser-based DNT and GPC signals. However, since we do not track link visitors across websites or sell data, our behavior remains privacy-preserving regardless of these signals.

Brazil (LGPD)

If you are located in Brazil, you have the rights outlined in Section 5, consistent with the Lei Geral de Proteção de Dados (LGPD). The legal bases for processing your data are the same as those listed in Section 4 (Performance of Contract and Legitimate Interest).

We do not sell or share personal data with third parties for advertising. We share data with the following Processors to provide our service:

• Vercel Inc. (Hosting & Edge Network) – Vercel processes requests to our service. They may process IP addresses transiently for security (DDOS protection) and to provide us with the geographic headers we use for analytics.
  340 S Lemon Ave #4133, Walnut, CA 91789, USA.
• Stripe, Inc. – Payment Processing. Stripe processes payment information for subscription billing. We do NOT store your full credit card information; it is handled directly by Stripe in a PCI-DSS compliant manner.
  510 Townsend St, San Francisco, CA 94103, USA (and/or Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland for EU/UK transactions).
• Namecheap, Inc. – Domain provider.
  4600 East Washington Street, Suite 300, Phoenix, AZ 85034, USA.

All third-party vendors are contractually obligated to process data securely and lawfully (Data Processing Agreements).

We use cookies strictly for the following purposes:

A. For Registered Users (Login)

When a user logs into their Viso.li account, a session cookie is created to authenticate the user. This cookie:

• Is essential for secure access to the account dashboard.
• Does not track users beyond the session.
• Expires automatically after logout or inactivity.

B. For Link Visitors

We do NOT set cookies for users who merely click on a shortened link. We do not use tracking pixels or persistent identifiers for link visitors.

In compliance with the GDPR and ePrivacy Directive, we only use strictly necessary cookies by default (for logged-in users). If any optional cookies are introduced in the future, we will seek explicit consent via a cookie banner or preference center.

We retain data for the following periods:

• Anonymized link analytics data is retained for up to 60 months to provide our users with historical analytics and to identify long-term trends. As this data is anonymized (no IP, no PII), it is not subject to deletion requests as it cannot be linked back to an individual.
• Account data is retained for as long as your account remains active, and for a reasonable period thereafter to comply with our legal obligations.
• Session cookies are retained only for the duration of your login session.

You may delete your account at any time by contacting support@granitecode.io.

We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encrypted HTTPS communication (SSL/TLS)
• Secure session handling
• Infrastructure-level protection provided by Vercel
• Strict access controls and role-based permissions
• Regular security assessments and employee training

We may transfer anonymized or account-related data to our processors (e.g., Vercel) in the U.S. or other jurisdictions. These transfers are protected using:

• Standard Contractual Clauses (SCCs)
• Participation in the EU-U.S. Data Privacy Framework (if applicable)

For questions about this policy or your data:

Viso.li
Email: support@granitecode.io
Website: https://viso.li

Data Protection Officer (DPO): In accordance with Article 37 GDPR and §38 BDSG, we are not required to appoint a Data Protection Officer, as our core activities do not consist of large-scale processing of sensitive personal data or systematic monitoring of individuals. All data protection inquiries can be directed to the contact details above.