Version 2 | Effective Date: February 18, 2026
This Privacy Policy explains how Empa3D LLC (“Empa3D,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal data when you register for and use Vizibeat, including during its beta program. Vizibeat is a software product developed and owned by Empa3D LLC, a California limited liability company. All data collected through Vizibeat is controlled by Empa3D LLC. We are committed to handling your data transparently and in accordance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR).
Please read this policy carefully. By registering for or using Vizibeat, you confirm you have read and understood it.
1. WHO WE ARE (DATA CONTROLLER)
Empa3D LLC is the data controller responsible for your personal data. This means we determine the purposes and means of processing your data.
If you have any questions about this policy or wish to exercise your data rights, you may contact us at:
Email: legal@empa3d.com
Empa3D LLC
555 Capitol Mall
Suite 1150
Sacramento, CA 95814
United States
We aim to respond to all data rights requests within 30 days.
2. WHAT DATA WE COLLECT AND WHY
We collect personal data across three systems: your user account, your license activations, and billing and subscription records mirrored from our payment provider. Below we describe each category of data, why we collect it, and the legal basis under which we process it.
2a. USER ACCOUNT DATA
When you register for Vizibeat, we collect and store the following in our user database:
– First and last name
– Email address
– Country code
– Postal code / region
– Account creation date
– Last access check time
– Last plugin version used
Why we collect it: This data is necessary to create and manage your account, verify your eligibility to participate in the beta program, deliver activation notices and other communications, and provide technical support.
Legal basis (GDPR): Performance of a contract (Article 6(1)(b)) — processing your name, email, country, and account dates is necessary to fulfill our obligations under the Beta Test Agreement. Legitimate interests (Article 6(1)(f)) — we retain last access time and last plugin version to monitor beta participation, improve the software, and maintain the security and integrity of our systems. Legal obligation (Article 6(1)(c)) — we may also process or retain data where required to comply with applicable law, including responding to lawful requests from courts or government authorities.
2b. LICENSE ACTIVATION DATA
When you activate a software seat, we collect and store the following in our license activations database:
– Computer name
– Activation date and time
– A one-way hardware fingerprint (a hashed string derived from hardware identifiers on your device; this cannot be reversed to identify your hardware or you as an individual)
Why we collect it: This data is necessary to enforce license seat limits, prevent unauthorized use, and verify that activations are legitimate.
Legal basis (GDPR): Performance of a contract (Article 6(1)(b)) — license enforcement is a core part of our Beta Test Agreement obligations. Legitimate interests (Article 6(1)(f)) — protecting the integrity of our software licensing is a legitimate business interest that does not override your rights.
2c. BILLING AND SUBSCRIPTION DATA
We maintain local copies of certain billing and subscription records received from Paddle via webhook. No payment card information, billing addresses, or IP addresses are stored in these records. The three databases are:
Businesses: Stores the creation date, business name, and tax identifier for enterprise customers operating under custom contracts. This data relates to legal entities rather than individuals. However, where a tax identifier could be linked to a natural person (for example, a sole trader), it is treated as personal data.
Subscriptions: Stores the creation date, currency, customer or business ID, product, quantity, cost, and subscription status. The customer or business ID links to both Paddle’s systems and our own user database, meaning subscription records can be associated with an identifiable individual.
Transactions: Stores the creation date, currency, customer or business ID, product, quantity, cost, and transaction status. As with subscriptions, the customer or business ID can be linked to an identifiable individual in our user database.
Why we collect it: These local copies allow us to manage license entitlements and access, and to perform internal accounting and reconciliation without relying solely on Paddle’s systems.
Legal basis (GDPR): Performance of a contract (Article 6(1)(b)) — maintaining subscription and transaction records is necessary to manage your license and fulfill our obligations under the Beta Test Agreement. Legitimate interests (Article 6(1)(f)) — local copies support internal reconciliation, accounting, and audit functions. Legal obligation (Article 6(1)(c)) — we may be required to retain transaction records under applicable tax or financial regulation.
2d. COMMUNICATIONS DATA
If you have consented or it is otherwise permitted under applicable law, we may send you:
– Beta update announcements
– Feedback and survey requests
– Marketing and promotional emails about Vizibeat and Empa3D products
Legal basis (GDPR): Consent (Article 6(1)(a)) for marketing communications. Legitimate interests (Article 6(1)(f)) for beta update announcements and feedback requests directly related to your participation.
You may opt out of any non-essential communications at any time by clicking the unsubscribe link in any email or contacting us at legal@empa3d.com. Opting out of marketing will not affect your ability to use Vizibeat or receive essential account notices.
3. HOW LONG WE KEEP YOUR DATA
We retain your personal data for as long as your account is active and as long as necessary to fulfill the purposes described in this policy.
User account data: Retained for the duration of your account. If you request deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by applicable law or for the establishment, exercise, or defense of legal claims.
License activation data: Retained for the duration of the beta program and for 12 months following the end of the beta program, for audit and legal compliance purposes. The hardware fingerprint, being one-way hashed, cannot be used to identify you and is retained for license integrity purposes.
Billing and subscription data: Subscription and transaction records are retained for as long as your account is active and for a minimum of seven (7) years thereafter, as may be required by applicable tax and financial regulations. If you request deletion of your personal data, we will anonymize or delete any personally identifiable elements from these records to the extent permitted by law, while retaining the non-personal financial record for compliance purposes.
Communications and consent data: Records of your communication preferences and any consent you have provided (for example, consent to receive marketing emails) are retained for the duration of your account relationship with Empa3D and for three (3) years following termination of that relationship, for compliance and audit purposes.
We do not currently apply automatic deletion based on inactivity. If you wish to have your data deleted at any time, please contact us as described in Section 6.
4. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We do not share it with third parties for their own marketing purposes.
We share your data only with the following service providers who process it on our behalf and under our instructions:
Google Firebase (Google LLC)
Role: Hosts our user database and authentication infrastructure.
Location: United States (with global infrastructure).
Data protection: Google LLC is certified under the EU-U.S. Data Privacy Framework and offers Standard Contractual Clauses (SCCs) for international transfers. Firebase’s data processing terms are incorporated into Google’s standard terms of service.
More information: https://firebase.google.com/support/privacy
We also interact with the following third party who acts as an independent data controller, not as our subprocessor:
Paddle (Paddle.com Market Limited)
Role: Paddle operates as our Merchant of Record for subscription billing, payments, and tax compliance. In this capacity, Paddle independently determines the purposes and means of processing your billing and payment data, and is solely responsible for that processing under its own privacy policy and applicable law, including UK GDPR. We do not control how Paddle processes your payment data. For questions about Paddle’s data practices or to exercise your rights in relation to payment data, please contact Paddle directly.
More information: https://www.paddle.com/legal/privacy
Please note that Empa3D separately receives and stores a subset of billing and subscription records from Paddle via webhook, as described in Section 2c. That data is held independently by Empa3D for license management and accounting purposes, and Empa3D is the data controller for those local copies.
We may also disclose your data if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of Empa3D, our users, or others.
5. INTERNATIONAL DATA TRANSFERS
Empa3D is based in the United States. If you are located in the European Economic Area (EEA) or the United Kingdom, your personal data will be transferred to and processed in the United States, which is not considered by the European Commission to provide an equivalent level of data protection to the EEA.
We rely on the following safeguards to protect your data in international transfers:
– For data processed via Google Firebase: Standard Contractual Clauses (SCCs) approved by the European Commission, and Google LLC’s certification under the EU-U.S. Data Privacy Framework.
– For data processed directly by Empa3D: We rely on Standard Contractual Clauses where required. If you would like a copy of the applicable SCCs, please contact us at legal@empa3d.com.
6. YOUR RIGHTS
If you are located in the EEA or the United Kingdom, you have the following rights under GDPR and UK GDPR. We will respond to all requests within 30 days.
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request that we correct inaccurate or incomplete personal data.
Right to erasure: You may request that we delete your personal data. We will do so unless we have a legal obligation or legitimate reason to retain it.
Right to restriction: You may request that we restrict processing of your personal data in certain circumstances, for example while a dispute about accuracy is resolved.
Right to data portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service.
Right to object: You may object to processing based on legitimate interests, including profiling. You may also object to direct marketing at any time, without giving a reason.
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at legal@empa3d.com. We may ask you to verify your identity before processing your request.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with your local data protection authority. In the EU, a list of national authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. In the UK, the relevant authority is the Information Commissioner’s Office (ICO) at https://ico.org.uk.
7. COOKIES AND TRACKING
Vizibeat is a desktop software product. We do not use browser cookies. Any telemetry collected by the plugin (last access time, plugin version) is collected at the application level and stored in your user account record as described in Section 2a. We do not use third-party tracking pixels or advertising trackers.
8. CHILDREN’S PRIVACY
Vizibeat is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately at legal@empa3d.com and we will delete it promptly.
9. SECURITY
We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include access controls, encrypted data transmission, and use of reputable cloud infrastructure. Your user account, license activation, and billing and subscription data are all stored on Google Firebase, which provides encryption at rest and in transit as part of its standard infrastructure. However, no system is completely secure, and we cannot guarantee the absolute security of your data.
10. CHANGES TO THIS POLICY
We may update this policy from time to time. If we make material changes, we will notify you by email to your registered address before the changes take effect. The current version will always be available at https://vizibeat.com/privacy-policy/. Continued use of Vizibeat after notification of material changes constitutes acceptance of the updated policy.
11. CONTACT
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
Empa3D LLC (maker of Vizibeat)
Email: legal@empa3d.com
Privacy Policy: https://vizibeat.com/privacy-policy/
If you are in the EEA or UK and have unresolved concerns, you may contact your local data protection authority as described in Section 6.