
Privacy Policy

This policy explains what personal data Visura Flow collects, why we collect it, how we use it, and your rights under UK and EU data protection law (UK GDPR / GDPR).

Last updated: 7 April 2025 · Contact: privacy@visuraflow.com

1. Who We Are

Visura Flow (“we”, “us”, “our”) is a software-as-a-service platform built for interior designers, providing tools for client management, project presentations, lead intelligence, and team collaboration. We operate from the United Kingdom.

For the purposes of UK GDPR and EU GDPR, Visura Flow is the data controller of the personal data you provide when using our service. You can contact us at privacy@visuraflow.com for any data-related queries.

2. What Data We Collect

2.1 Account & profile data

When you register, we collect your name, email address, and password (stored as a bcrypt hash). If you connect via a third-party OAuth provider (Google), we receive your name, email, and profile image from that provider.

2.2 Business & professional data

You may voluntarily add your studio name, logo, address, and professional website to your profile. This information is used to personalise your client-facing presentations.

2.3 Client & lead data

You enter data about your own clients and leads — including names, email addresses, phone numbers, company names, project notes, and meeting records. You are the data controller for this client data; we process it on your behalf as a data processor.

2.4 Project and content data

We store all project content you create — room plans, moodboard images, product references, PDF documents, and any URLs you clip from third-party websites using our browser extension.

2.5 Payment data

Subscription payments are processed by Stripe. We never store your full card number on our servers. We receive and store a Stripe Customer ID and subscription status only.

2.6 Usage and technical data

We automatically collect IP address, browser type, device information, pages visited, and feature usage events. We use this data to improve the product and diagnose technical issues.

2.7 Cookies

We use strictly necessary cookies for authentication session management. We may also use analytics cookies (e.g. Vercel Analytics) to understand aggregate usage. You can control non-essential cookies via your browser settings.

3. How We Use Your Data

Purpose | Legal basis
Provide and operate the service | Contract performance
Authenticate your account and sessions | Contract performance
Send transactional emails (invites, receipts, portal notifications) | Contract performance
Process subscription payments via Stripe | Contract performance
Analyse product usage to improve features | Legitimate interest
Detect fraud and abuse | Legitimate interest
Comply with legal obligations | Legal obligation
Send product update emails (you can opt out at any time) | Legitimate interest

We do not sell your data or your clients' data to third parties. We do not use your data to train AI models without your explicit consent.

4. AI Features

Visura Flow uses Google Gemini (via the Gemini API) to power the AI Lead Intelligence feature. When you request an AI analysis of a lead's website, the publicly accessible text content of that website is sent to Google's API. No personal data from your account or your clients' records is included in these requests beyond the website URL you provide.

AI-generated content is advisory only. You should independently verify any intelligence before acting on it. Visura Flow is not responsible for inaccuracies in AI-generated outputs.

5. Who We Share Data With

We share data only with trusted sub-processors necessary to operate the service:

Provider | Purpose | Location
Supabase | Database and authentication hosting | EU / USA
Vercel | Application hosting and edge delivery | USA
Stripe | Payment processing | USA
Google (Gemini) | AI content analysis (Lead Intelligence) | USA
Resend | Transactional email delivery | USA
Unsplash | Image search API (moodboard feature) | USA

All US-based providers operate under Standard Contractual Clauses (SCCs) or are covered by the UK–US Data Bridge, ensuring adequate safeguards for international transfers under UK GDPR.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g. financial records, which may be retained for up to 7 years in accordance with UK tax law).

Client and lead data you have entered is deleted alongside your account. You can export your data at any time before deletion.

7. Your Rights (UK & EU GDPR)

You have the following rights regarding your personal data:

  • Right to access — request a copy of the data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data ('right to be forgotten')
  • Right to restriction — ask us to limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you

To exercise any of these rights, email us at privacy@visuraflow.com. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement industry-standard security measures including:

  • All data encrypted in transit via TLS 1.2+
  • Database encrypted at rest (AES-256)
  • Row-level security (RLS) enforced at the database layer — users can only access their own data
  • API keys and secrets stored in environment variables, never in source code
  • Access to production systems restricted to authorised personnel only

Despite these measures, no internet transmission is 100% secure. Please protect your account password and notify us immediately if you suspect unauthorised access.

9. Children's Privacy

Visura Flow is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and/or an in-app notice at least 14 days before any material changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact Us

For any questions about this policy or how we handle your data, contact our data team at privacy@visuraflow.com.

Visura Flow · United Kingdom