Vizillo AIVizillo AI

Privacy Policy

Last Updated: June 22, 2026

Privacy Policy for vizillo.com and Vizillo AI App (com.vizillo.app) by RB Ventures, in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and applicable provincial privacy laws. By accessing vizillo.com or using the Vizillo AI app, you agree to the terms outlined in this policy.

1. Information Collection

1.1 Personal Information

When you register for an account on vizillo.com, we may collect personal information such as your name, email address, and profile picture. Profile pictures are stored for display purposes only and are not used for biometric or facial recognition processing of any kind.

1.2 User Contributions

Your posts, including questions, answers, and comments, contribute to the information we collect. Personal information shared in these contributions may be publicly visible.

1.3 Installed Applications Data (App-Specific)

The Vizillo AI app collects information about the installed applications on your device using the query_all_packages API. This includes only the package names of the installed applications. We acknowledge that installed-app data can reveal sensitive personal attributes, including but not limited to religious affiliation (prayer apps), health status (medication/wellness apps), political views, financial situation (lending/gambling apps), and relationship status. We collect the full list rather than a targeted subset because scam apps are unpredictable and may appear under any category; a complete enumeration is necessary to reliably detect threats before they cause harm.

The collected data is securely transmitted to our servers and retained only as long as necessary to perform scam detection. Once the analysis is complete, data is securely deleted.

1.4 VpnService and Network Data

The Vizillo AI app uses the Android VpnService to provide a secure, encrypted tunnel for your web traffic using AES-256 encryption via WireGuard, a modern and audited protocol. This is a core feature that protects your data from interception on public networks and masks your IP address to prevent tracking by malicious websites.

Strict No-Logging Commitment: We operate a strict no-logging policy. We do not collect, store, log, or share:

  • Your browsing activity, history, or destinations.
  • Your DNS queries.
  • Your connection timestamps or duration.
  • Your originating IP address.
  • Any data transmitted through the VPN tunnel.

VPN session metadata (connection start and end times associated with a temporary session ID) is purged automatically every 2 hours and is never linked to your account. These claims are independently verifiable — our VPN implementation uses standard WireGuard without any custom logging extensions. We encourage independent security researchers to audit our implementation.

1.5 Smart Notification Shield (Notification Access)

The SMS Scanner feature uses Android's NotificationListenerService to analyze incoming notification snippets from messaging apps (e.g., WhatsApp, SMS, Gmail) for scam attempts and phishing links. Before any notification body content is processed, our Data Masking technology automatically redacts sensitive personal identifiable information (PII) such as bank card numbers, OTPs, and emails. Only extracted URLs and sender identifiers are sent to our servers for analysis. The original message body never leaves your device.

1.6 Location Data

The app may request access to your device's location and nearby Wi-Fi devices. This data is used to provide region-specific scam intelligence and verify Wi-Fi network security. Location data is processed locally where possible and is not used to track your movements or for marketing purposes.

1.7 Contact and Phone State

Access to your Contacts and Phone State is used to identify unknown or suspicious numbers during calls or messaging. We do not upload your contact list to our servers.

1.8 Media, Files, and Microphone

To provide Malware Scanning and Image Analysis, the app may request access to your files, photos, and microphone. We only access files you explicitly choose to scan or those identified by real-time protection as potentially harmful.

1.9 Subscriptions and Payments

When you purchase a subscription, payment is handled securely via the Google Play Billing system. We do not store your credit card details on our servers. We only receive a confirmation of purchase and a transaction ID to manage your subscription status.

2. Use of Information

2.1 User Engagement: We use your information to facilitate your interaction on vizillo.com and the Vizillo AI app.

2.2 Personalization: Your data helps us personalize your experience, such as recommending relevant content, sending notifications, or providing tailored insights.

2.3 Communication: With your express consent obtained at registration, we may send you commercial electronic messages (CEMs) including promotional material related to vizillo.com. All commercial emails will identify the sender (RB Ventures, with our physical address below) and include a working unsubscribe mechanism. You can withdraw your consent at any time, and unsubscribe requests will be processed within 10 business days as required by Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23). We retain records of consent for 3 years.

3. Information Sharing

3.1 User Contributions: Your posts on vizillo.com are visible to other users. Avoid sharing personal information that you do not want to be publicly accessible.

3.2 Service Providers: We may collaborate with third-party service providers to maintain our platform, including Supabase (US-based cloud infrastructure) and Google Firebase (US-based cloud services). All providers operate under contractual obligations consistent with PIPEDA to keep your information confidential and secure.

3.3 Legal Compliance: We may disclose your personal information if required by law or in response to a valid legal request from authorities.

4. Data Security

We implement the following security measures to protect your data:

  • Encryption in transit using TLS 1.3 for all API communications.
  • End-to-end encryption where technically feasible.
  • VPN traffic encrypted with AES-256 via the WireGuard protocol.
  • Secure storage on servers with restricted access, encryption at rest, and access logging.
  • Regular security reviews of our infrastructure.

However, no method of data transmission or storage can be completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy:

  • Account data (name, email): retained until account deletion.
  • User posts (questions, answers): retained as long as your account is active.
  • Installed-app scan data: deleted immediately after analysis.
  • Call and message logs: stored locally on your device only and never uploaded.
  • VPN session metadata: purged every 2 hours.
  • Marketing consent records: retained for 3 years as required by CASL.

Retention periods are reviewed periodically to ensure compliance with PIPEDA.

We take reasonable steps to ensure your personal information is accurate, complete, and up-to-date for the purposes for which it is used. You can help us maintain accuracy by updating your account information when changes occur.

6. Your Rights (Access and Correction)

Under PIPEDA, you have the right to:

  • Access the personal information we hold about you.
  • Challenge the accuracy of your information and have it corrected.
  • Withdraw your consent at any time, subject to legal or contractual restrictions.
  • Request deletion of your data.

To exercise these rights, submit a request to our Privacy Officer (contact details below). We will respond within 30 days as required by PIPEDA.

7. Children's Privacy

Our services are not intended for individuals under the age of 14. For residents of Quebec, heightened privacy protections apply to users under 14. We do not knowingly collect personal information from minors. If we become aware that data has been collected from a minor in violation of applicable law, we will promptly delete it.

8. User Consent and Withdrawal

8.1 Consent: We obtain your consent at multiple stages — when you accept the prominent disclosure for installed-app scanning, when you grant notification access for Smart Shield features, and when you enable the VPN service.

8.2 Withdrawal of Consent: You can withdraw your consent at any time by disabling specific features in the app settings, uninstalling the app, or contacting our Privacy Officer at support@vizillo.com.

9. Breach Notification

In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm to you, we will:

  • Notify you promptly via email or in-app notification.
  • Report the breach to the Office of the Privacy Commissioner of Canada (OPC) as required by PIPEDA's breach notification regulations (SOR/2018-64).
  • Take steps to contain the breach and prevent future occurrences.

10. Québec Residents — Law 25 Compliance

For residents of Québec, the Act respecting the protection of personal information in the private sector (Law 25, LQ 2021, c. 25) provides additional rights beyond those described above:

  • Data Portability: You have the right to request your personal information in a structured, commonly used technological format.
  • Privacy Impact Assessment: We conduct privacy impact assessments for any new technology that processes personal information, including the VpnService and package-scanning features.
  • Data Minimization: We collect only the information necessary for the stated purposes.
  • Profiling: We do not engage in automated profiling — any use of your data to assess, analyze, or predict personal preferences, behaviors, or attributes will be disclosed and handled in accordance with Law 25.
  • Automated Decision-Making: Where automated decisions are made based on your personal information, you will be informed and have the right to request human review.
  • Right to De-indexation: You have the right to request that your personal information no longer be linked or disseminated online. We will process such requests promptly.

To exercise your rights under Law 25, contact our Privacy Officer at support@vizillo.com.

11. Account Deletion

Users may request account and data deletion at any time by visiting our dedicated deletion portal:

https://vizillo.com/settings/delete

Upon receiving a verified deletion request, personal profile information, scan history, community posts, and subscription status will be permanently erased. Financial transaction records may be retained for the minimum period required by tax and audit laws. Deletion is processed within 7 business days of a verified request.

12. Changes to the Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via notifications within the Vizillo AI app and emails sent to registered users. Your continued use of our services after changes are made indicates your acceptance of the updated policy.

13. Privacy Officer

If you have questions, concerns, or wish to exercise your rights under PIPEDA, please contact our Chief Privacy Officer:

RB Ventures
Attn: Privacy Officer
Email: support@vizillo.com

14. Third-Party Websites and Services

This Privacy Policy applies solely to vizillo.com and the Vizillo AI app. We are not responsible for the privacy practices of third-party websites or services linked from our platform. Please review the privacy policies of those third parties before sharing personal information.

By using vizillo.com and the Vizillo AI app, you agree to this Privacy Policy. If you do not agree with the terms, please discontinue the use of our services.