Privacy Policy
Viri is built isolated by design: your workspace data trains nothing, and no other customer ever sees it. This policy explains what we collect, why, who processes it, and the control you keep over it.
This Privacy Policy describes how White Fox Media LLC(“White Fox”, “we”, “us”), operator of the Viri service (“Viri”, the “Service”), handles information. Our registered address is 359 North 680 East, Vineyard, UT 84059, USA. Questions or requests: privacy@virimind.com.
1. Information we collect
- Account information. Your name and email, provided through our authentication provider when you create or join a workspace, plus workspace and role settings.
- Brain content you give us. The business information you enter or upload so Viri can work for you: offers, funnels, audiences, competitors, brand and strategy notes, interview answers, and documents you choose to upload (for example PDFs, Word, PowerPoint, or spreadsheets).
- Connected platform data. When you connect an advertising, analytics, CRM, or content account (such as Meta, Google, LinkedIn, TikTok, or Snapchat), Viri reads the account data needed to audit and report on it, for example campaigns, ad sets, ads, objectives, and performance metrics. By default Viri reads this data; it does not create, edit, pause, or spend on your ad accounts unless you explicitly direct an action, and a human on your side confirms it.
- Google Workspace data. If you connect Google, Viri uses narrowly scoped access: it creates and reads files it makes for you (exports, generated documents), and reads only the specific files you select through Google’s own file picker. Viri does not browse or read your wider Google Drive.
- Prospecting data. For the LinkedIn Leads feature, Viri processes public professional profile and post-engagement information for the people and companies you choose to target or watch.
- Usage and audit logs. Records of actions taken in the Service (who connected what, ran which skill, accepted which finding) so the Service is auditable and secure.
2. How we use information
- To operate the Service: run audits, build the Brain, generate briefs, drafts, dashboards, and reports, and surface recommendations, all scoped to your workspace.
- To provide support, secure the Service, prevent abuse, and meet legal obligations.
- We do not train AI models on your data. Your workspace content is not used to train, fine-tune, or improve any model, and it is never shared or commingled with any other customer’s data.
3. Google API Services — Limited Use
Viri’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained from Google APIs is used only to provide or improve features you request, is never sold, is not used for advertising, and is not transferred to others except as needed to provide the Service, to comply with law, or with your consent.
4. Meta platform data
Data obtained through Meta’s APIs is used solely to provide the Service you connect it for, handled in line with Meta’s Platform Terms and Developer Policies, and never sold or used to train models. You can revoke Viri’s access at any time in your Meta Business settings, and you can request deletion as described in Section 8.
5. Sharing and sub-processors
We do not sell your data. We share it only with vendors that process it on our behalf to run the Service, under contract and confidentiality:
- Anthropic — AI processing (the models that generate audits, drafts, and analysis). Data sent to Anthropic’s API is not used to train its models.
- Supabase — database hosting (your workspace data at rest).
- Railway — application hosting.
- Clerk — authentication.
- Data-enrichment providers (for LinkedIn Leads, where enabled) — to fetch public professional data for the targets you choose.
Your connected platforms (Meta, Google, and others) are your own accounts; we access them only with the permissions you grant.
6. Security
Connection credentials and API tokens are encrypted at rest (AES-256-GCM) the moment they arrive and are never shown back to you, logged, or shared. Every workspace is isolated: access is enforced on every request so one customer’s data can never reach another. Data is encrypted in transit.
7. Retention and export
Your Brain is your asset. You can export it at any time from Settings. We retain your workspace data for as long as your account is active. When you delete a workspace or close your account, we delete its data within 30 days, except where we must keep limited records to comply with law (for example billing records).
8. Your rights, and deleting your data
You can access, correct, export, or delete your data, and revoke any connected platform at any time. Depending on where you live, you may have rights under the GDPR or CCPA/CPRA, including access, correction, deletion, portability, and the right to object. To exercise any right, or to request deletion of data obtained through Meta or Google, see our Data Deletion page or email privacy@virimind.com. We do not sell personal information.
9. International transfers, children, and changes
We are based in the United States and process data there. The Service is for businesses and is not directed to children under 18. We may update this policy; we will change the date above and, for material changes, notify you in the Service. Continued use after an update means you accept the revised policy.
10. Contact
White Fox Media LLC, 359 North 680 East, Vineyard, UT 84059, USA. privacy@virimind.com.