Privacy Policy
1. Who we are
VINCLI LTD is a company registered in England & Wales (company number 16677554), registered office 128 City Road, London, EC1V 2NX, United Kingdom. For any privacy matter, contact us at hello@vincli.com.
2. What data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, display name, authentication identifiers, hashed password (managed by our auth provider) | You, at sign-up |
| Content you submit | Videos you upload, YouTube/video URLs you paste, and data we derive from them (e.g. transcripts, predicted neural-response data) | You |
| Usage & technical data | IP address, device/browser type, pages viewed, scan history, timestamps, diagnostic logs | Automatically |
| Billing data | Plan, transaction records. Card details are handled by our payment processor — we do not store full card numbers | You / payment processor (paid plans) |
| Communications | Messages you send us (support, enquiries) | You |
3. How and why we use it (legal bases)
| Purpose | Legal basis (UK GDPR Art. 6) |
|---|---|
| Provide the Service, run scans, return results | Performance of a contract |
| Create and secure your account | Performance of a contract |
| Take payment and manage subscriptions | Performance of a contract; legal obligation (tax/records) |
| Maintain, debug, secure and improve the Service; prevent abuse | Legitimate interests |
| Respond to your enquiries | Legitimate interests |
| Send service/transactional emails | Performance of a contract |
| Send marketing (if any) | Consent (you may withdraw at any time) |
| Comply with law and enforce our terms | Legal obligation; legitimate interests |
The Service generates predicted brain-response data from your content using an AI model. This is automated processing used to produce the analytical output you requested; it does not produce legal or similarly significant effects about you, and it is not used to make decisions about you as an individual.
4. Your videos and content
We process the videos and URLs you submit solely to perform the scan you request and to show you the result. We do not sell your content. We do not use the substance of your private uploads to train third-party foundation models. Derived outputs (transcripts, predicted activity) are stored with your account so you can revisit your scans, and are deleted when you delete the scan or your account, or per the retention periods below.
5. Who we share data with (processors)
We use carefully selected service providers who process data on our instructions:
| Provider | Purpose |
|---|---|
| Supabase | Authentication and database (account data, scan metadata) |
| Vercel | Website hosting and content delivery |
| RunPod (or equivalent GPU host) | Compute used to process your video and run the model |
| Anthropic | Generating written insight from scan data, where that feature is enabled |
| Serving web fonts | |
| [Payment processor, e.g. Stripe] | Processing payments (paid plans) |
We may also disclose data where required by law, to enforce our terms, or in connection with a corporate transaction (e.g. merger or acquisition), subject to appropriate safeguards.
6. International transfers
Some providers are located outside the UK (including the United States). Where we transfer personal data outside the UK, we rely on an adequacy decision or appropriate safeguards such as the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses. You can request details from hello@vincli.com.
7. How long we keep data
- Account data — for as long as your account is active, then deleted or anonymised within a reasonable period after closure.
- Uploaded videos — retained only as needed to provide and display your scan, and removed from active processing systems promptly after the scan completes [confirm exact retention window].
- Scan outputs / history — kept with your account until you delete them or your account.
- Billing records — retained as required by law (typically up to 6 years for UK tax purposes).
8. Your rights
Subject to UK GDPR, you have the right to: access; rectification; erasure; restriction; data portability; object to processing (including profiling) based on legitimate interests or for direct marketing; and to withdraw consent at any time. To exercise any right, email hello@vincli.com. We will respond within one month.
9. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. Cookies
We use strictly necessary cookies and local storage to keep you signed in and to operate the Service. See our Cookie Policy for details.
11. Children
The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes
We may update this policy. We will post the new version here and update the "Last updated" date; material changes may be notified by email or in-product.
13. Contact & complaints
Questions or requests: hello@vincli.com.
You also have the right to complain to the UK Information Commissioner's Office (ICO) at
ico.org.uk or 0303 123 1113, though we'd
appreciate the chance to resolve your concern first.