Try Free Now

Privacy Policy

Vizibeat Privacy Policy
Version 3 | Effective Date: April 21, 2026

This Privacy Policy explains how Empa3D LLC (“Empa3D,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal data when you register for and use Vizibeat. Vizibeat is a software product developed and owned by Empa3D LLC, a California limited liability company. All data collected through Vizibeat is controlled by Empa3D LLC. We handle your data transparently and in accordance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

By registering for or using Vizibeat, you confirm you have read and understood this policy.

1. WHO WE ARE (DATA CONTROLLER)

Empa3D LLC is the data controller responsible for your personal data.

Email: legal@empa3d.com
Privacy Policy: https://vizibeat.com/privacy-policy/

Where applicable law requires physical service of process, notice may be directed to Empa3D LLC’s registered agent on file with the California Secretary of State (publicly available at https://bizfileonline.sos.ca.gov/). Empa3D will also furnish its current business address on written request to legal@empa3d.com within ten (10) business days.

EU/UK Representatives. Empa3D will designate representatives under GDPR Article 27 and UK GDPR Article 27 before making Vizibeat generally available to consumers in those regions; their contact details will be published in this Section 1 when designated.

We aim to respond to all data-rights requests within 30 days.

2. WHAT DATA WE COLLECT AND WHY

We collect personal data across your user account, license activations, and billing/subscription records mirrored from our payment provider.

2a. User Account Data. When you register, we collect and store first and last name, email address, country code, postal code / region, account creation date, last access check time, and last plugin version used.

Why: to create and manage your account, verify eligibility, deliver activation notices and other communications, and provide technical support.

Legal basis (GDPR): Performance of a contract (Art. 6(1)(b)) for processing name, email, country, and account dates necessary to fulfill our obligations under the EULA. Legitimate interests (Art. 6(1)(f)) for retaining last access time and plugin version to improve the software and maintain security. Legal obligation (Art. 6(1)(c)) where required by law.

2b. License Activation Data. When you activate a Seat, we collect computer name, activation date and time, and a one-way hardware fingerprint (a hashed string derived from hardware identifiers; it cannot be reversed to identify your hardware or you as an individual).

Why: to enforce Seat limits, prevent unauthorized use, and verify activation legitimacy.

Legal basis (GDPR): Performance of a contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)) in protecting the integrity of our software licensing.

2c. Billing and Subscription Data. We maintain local copies of certain billing and subscription records received from Paddle via webhook. No payment card information, billing addresses, or IP addresses are stored in these records. The three stores are:

– Businesses: creation date, business name, tax identifier (enterprise customers; treated as personal data where linkable to a natural person such as a sole trader).
– Subscriptions: creation date, currency, customer/business ID, product, quantity, cost, status.
– Transactions: creation date, currency, customer/business ID, product, quantity, cost, status.

The customer/business ID links to both Paddle’s systems and our user database, so these records can be associated with an identifiable individual.

Why: to manage license entitlements and perform internal accounting and reconciliation.

Legal basis (GDPR): Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c)) for retention under applicable tax and financial regulation.

2d. Communications Data. Where you consent or it is otherwise permitted by applicable law, we may send product update announcements, feedback and survey requests, and marketing and promotional emails about Vizibeat and Empa3D products.

Legal basis (GDPR): Consent (Art. 6(1)(a)) for marketing; Legitimate interests (Art. 6(1)(f)) for essential product communications.

You may opt out of non-essential communications at any time via the unsubscribe link in any email or by contacting legal@empa3d.com. Opting out does not affect your ability to use Vizibeat or receive essential account notices.

2e. Sensitive Personal Information. Empa3D does not collect “sensitive personal information” as defined by CCPA/CPRA (including government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, health data, and biometric identifiers).

3. HOW LONG WE KEEP YOUR DATA

User account data: for the duration of your account. On deletion request, we delete or anonymize within 30 days, except where retention is required by law or for the establishment, exercise, or defense of legal claims.

License activation data: for the duration of your Subscription and 12 months thereafter, for audit and legal compliance. The hardware fingerprint, being one-way hashed, cannot identify you and is retained for license integrity.

Billing and subscription data: for the duration of your account and a minimum of seven (7) years thereafter, as may be required by applicable tax and financial regulations. On deletion request, we anonymize personally-identifiable elements to the extent permitted by law while retaining the non-personal financial record for compliance.

Communications and consent data: for the duration of your account relationship and three (3) years thereafter, for compliance and audit.

We do not apply automatic deletion based on inactivity. To request deletion, contact us as described in Section 6.

4. WHO WE SHARE YOUR DATA WITH

We do not “sell” personal information or “share” personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. We do not share your personal data with third parties for their own marketing purposes.

We share your data only with the following service providers who process it on our behalf and under our instructions:

Google Firebase (Google LLC). Hosts our user database and authentication infrastructure. United States, with global infrastructure. Google LLC is certified under the EU-U.S. Data Privacy Framework and offers Standard Contractual Clauses (SCCs) for international transfers. More: https://firebase.google.com/support/privacy

Bluehost (Newfold Digital Inc.). Web hosting provider for vizibeat.com and associated website infrastructure. United States. Standard Contractual Clauses (SCCs) available for international transfers where applicable. More: https://www.bluehost.com/about/privacy

Automattic Inc. (WordPress). Content management system and related website services (including Jetpack and plugin-level integrations) for vizibeat.com. United States, with global infrastructure. Automattic provides Standard Contractual Clauses (SCCs) for international transfers. More: https://automattic.com/privacy/

Mailchimp (Intuit Inc.). Email delivery for transactional account notices and for marketing communications where you have consented or it is otherwise permitted by applicable law. United States. Intuit Inc. offers Standard Contractual Clauses (SCCs) for international transfers. More: https://mailchimp.com/legal/privacy/

The following third party acts as an independent data controller, not as our subprocessor:

Paddle (Paddle.com Market Limited). Merchant of Record for subscription billing, payments, and tax compliance. Paddle independently determines the purposes and means of processing your billing and payment data under its own privacy policy and applicable law. We do not control how Paddle processes your payment data. For questions about Paddle’s data practices, contact Paddle directly. More: https://www.paddle.com/legal/privacy

Empa3D separately receives and stores a subset of billing and subscription records from Paddle via webhook, as described in Section 2c. Empa3D is the data controller for those local copies.

We may also disclose your data if required by law, court order, or government authority, or to protect the rights, property, or safety of Empa3D, our users, or others.

5. INTERNATIONAL DATA TRANSFERS

Empa3D is based in the United States. If you are located in the EEA or United Kingdom, your personal data will be transferred to and processed in the United States.

Safeguards:
– Via Google Firebase: Standard Contractual Clauses approved by the European Commission, and Google LLC’s certification under the EU-U.S. Data Privacy Framework.
– Directly by Empa3D: Standard Contractual Clauses (or, for UK data, the UK Addendum) where required. Copies are available on request to legal@empa3d.com.

6. YOUR RIGHTS

6a. EU and UK Residents (GDPR / UK GDPR). You have the rights of access, rectification, erasure, restriction, data portability, objection (including to direct marketing), and withdrawal of consent (without affecting the lawfulness of prior processing).

To exercise any of these rights, contact legal@empa3d.com. We may verify your identity before processing your request and respond within 30 days. If unsatisfied, you may lodge a complaint with your local data protection authority. EU authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK: Information Commissioner’s Office at https://ico.org.uk.

6b. California Residents (CCPA / CPRA). You have the Right to Know what personal information we collect, use, disclose, and retain; the Right to Delete; the Right to Correct; the Right to Opt-Out of the sale or sharing of personal information (Empa3D does not sell or share personal information for cross-context behavioral advertising, but you may still submit an opt-out request); the Right to Limit Use of Sensitive Personal Information (Empa3D does not collect sensitive personal information; see Section 2e); and the Right to Non-Discrimination for exercising these rights.

To exercise any of these rights, contact legal@empa3d.com. We will not discriminate against you for exercising them. Unresolved concerns may be raised with the California Privacy Protection Agency at https://cppa.ca.gov/.

6c. Other Jurisdictions. Residents of other U.S. states (including Virginia under VCDPA, Colorado under CPA, Connecticut under CTDPA, and Utah under UCPA) and other jurisdictions (including Quebec under Law 25) may have equivalent or similar rights of access, correction, deletion, portability, and opt-out. To exercise any such right, contact legal@empa3d.com.

7. COOKIES AND TRACKING

Vizibeat is a desktop software product. We do not use browser cookies. Any telemetry collected by the plugin (last access time, plugin version) is collected at the application level and stored in your user account record as described in Section 2a. We do not use third-party tracking pixels or advertising trackers.

8. CHILDREN’S PRIVACY

Vizibeat is not intended for users under 18 years of age (or the age of majority in your jurisdiction if higher), consistent with the Vizibeat EULA. We do not knowingly collect personal data from anyone under 13 and comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and equivalent laws. If you believe we have inadvertently collected personal data from a child under 13, contact legal@empa3d.com and we will delete it promptly.

9. SECURITY

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including access controls, encrypted transmission, and reputable cloud infrastructure. Your account, activation, and billing data are stored on Google Firebase, which provides encryption at rest and in transit. No system is completely secure, and we cannot guarantee absolute security.

10. CHANGES TO THIS POLICY

We may update this policy from time to time.

Non-material changes (typographical corrections, clarifications that do not reduce your rights, reorganization, and compliance updates) will be posted at https://vizibeat.com/privacy-policy/ and, where appropriate, notified by email; they take effect 30 days after posting unless sooner required by law or necessary for security.

Material changes (any change that materially reduces your privacy or data-protection rights, expands our use of your personal data, or otherwise materially changes the terms of this policy) will be notified to your registered email at least 30 days in advance and require your affirmative re-acceptance before the change takes effect as to you. Continued use alone will not constitute acceptance of a material change.

11. CONTACT

For questions, concerns, or requests relating to this Privacy Policy or your personal data:

Empa3D LLC (maker of Vizibeat)
Email: legal@empa3d.com
Privacy Policy: https://vizibeat.com/privacy-policy/

For physical service of process (where legally required), see Section 1. If you are in the EEA or UK and have unresolved concerns, you may contact your local data protection authority as described in Section 6a.