Privacy Policy

Visito is operated by Armin Keshani (SIRET 85044979400021). Contact: privacy@visito.world.

• Account data: email, full name, locale, timezone, optional phone.
• Business data: business name, slug, address, opening hours, menu, photos, the content you publish.
• Customer activity: order history, AI conversations with the business concierge, reviews you write.
• Operational: session cookies, IP (for security + rate limit), user-agent, anonymised analytics.
• Payments: we never store card numbers. Stripe holds those in a PCI vault. We keep transaction IDs and amounts.

All customer data sits in Supabase (Frankfurt, eu-central-1). Files and uploads on Cloudflare R2 (EU). Email through Resend (EU). Payments through Stripe (Ireland). Logs and observability on EU regions. We never ship raw personal data to an AI provider — see below.

When you generate an image, video, translation, or chat through Visito, we send only the minimum to the AI provider: your prompt, the business's public content (menu, hours), and the conversation context. We strip emails, phone numbers, and card patterns server-side before any provider call.

• Access — request a full export, JSON-formatted, within 30 days.
• Rectification — edit any field in Settings.
• Erasure — delete your account with a 30-day cool-down.
• Portability — JSON export is portable to any compatible service.
• Object — opt out of marketing email in Settings → Notifications.

Exercise any of these at privacy@visito.world or directly inside Settings.

Vercel · Supabase · Cloudflare · Stripe · Resend · Anthropic · Higgsfield · Mux · ElevenLabs · Mapbox · Upstash · Trigger.dev · Sentry · PostHog (self-hosted).

We have signed Data Processing Agreements (DPA) with every sub-processor that touches identifiable data.

We notify by email when material changes happen. Last update is shown above the title.