Skip to content
Vrex Visual

Privacy Policy — Vrex Visual

Draft — this document is under legal review and may change.

Effective date: [launch date]

1. Who we are

Vrex Visual is a product of Vixel AS, a Norwegian company, [registered address]. Vixel AS is the data controller for the personal data described in this policy. Contact: support@vrexvisual.com.

2. What Vrex Visual does with your content

Vrex Visual turns images of your building designs (viewpoints from 3D/BIM models, uploads, reference images) into photorealistic renders. To do that, the images you submit and the text prompts and settings you write are sent to Google’s Gemini API for processing, and your uploads and generated outputs are stored in our object storage (Cloudflare R2). Google processes this content as our processor to produce your results; we do not use your content to train models (see the Image Rights page).

3. Data we process

5. Sub-processors

Sub-processorPurposeLocation
Google LLC (Gemini API)AI image generation and image analysisUSA
Cloudflare, Inc. (R2)Object storage for uploads and outputs[region per bucket config — REVIEW]
SevallaApplication and database hosting[hosting region — REVIEW]
Stripe, Inc.Payments and subscription billingUSA/EU
WorkOS, Inc.Sign-in / authenticationUSA

International transfers. Where processing happens in the USA (notably Google’s Gemini API), the transfer is based on the EU Standard Contractual Clauses and/or an EU adequacy decision (the EU–US Data Privacy Framework, for providers certified under it).

6. Retention and deletion

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing based on legitimate interests. Contact support@vrexvisual.com to exercise them. You can also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.

8. Cookies and local storage

The app uses a session credential to keep you signed in and minimal browser storage for convenience (for example, remembering the email on the login form). We do not use advertising cookies or cross-site trackers in the app.

9. Security

Traffic is encrypted in transit (TLS). Stored files live in private buckets accessed only through signed, short-lived URLs. Tenant isolation is enforced at the database layer (row-level security), so one organization’s data is not readable by another.

10. Changes

We will post updates to this policy on this page and, for material changes, notify account holders by email.