Privacy Policy

Last updated: March 12, 2026

1. Introduction

CustomWare ("we", "us", "our") operates VirtualTour. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform at virtualtour.cstmware.com.

We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

Account Data

  • Name, email address
  • Hashed password (we never store plain-text passwords)
  • Subscription and billing information (processed by Stripe)

Usage Data

  • Tour creation and editing activity
  • Feature usage and interaction patterns
  • IP address, browser type, device information

Content Data

  • Images and media you upload to create tours
  • Tour configurations, hotspots, and metadata

3. How We Use Your Data

  • Provide and maintain the Service
  • Process payments and manage subscriptions
  • Send transactional emails (welcome, password reset, login links)
  • Respond to support inquiries
  • Improve the Service and develop new features
  • Prevent fraud and ensure security

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Analytics, security, and service improvements
  • Consent: Marketing communications (you can opt out at any time)
  • Legal obligation: Tax and regulatory compliance

5. Third-Party Services

We use the following third-party services that may process your data:

  • Cloudflare — Hosting, CDN, and DDoS protection (data stored in Cloudflare's global network)
  • Stripe — Payment processing (subject to Stripe's Privacy Policy)
  • Replicate — AI image generation (images sent for processing are not retained)
  • Sendio — Transactional email delivery

6. Cookies

We use the following cookies:

  • vt_session — Authentication session cookie (essential, httpOnly, 7-day expiry)
  • cookie_consent — Records your cookie consent preference (essential)

We do not use third-party tracking cookies or advertising cookies.

7. Data Retention

  • Account data is retained while your account is active
  • After account deletion, data is removed within 30 days
  • Billing records may be retained for up to 7 years for tax compliance
  • Server logs are retained for up to 90 days

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a machine-readable format
  • Restriction — Limit how we process your data
  • Objection — Object to processing based on legitimate interest

To exercise these rights, email us at hello@virtualtour.app. We will respond within 30 days.

9. Data Security

We implement appropriate security measures including encrypted connections (TLS), hashed passwords, HTTP-only session cookies, and access controls. While no system is 100% secure, we take reasonable steps to protect your data.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or data requests, contact us at hello@virtualtour.app or through our contact page.