Privacy Policy
Last updated: April 2026
1. Introduction
Vigru is operated by Books & Mirror, Inc., a company registered in the United States (Delaware). Vigru is a web-based application that uses artificial intelligence to help you detect scams, phishing attempts, and fraudulent messages.
This Privacy Policy explains how we collect, use, share, and protect your personal information when you use Vigru. It applies to all users worldwide, with specific provisions for residents of the European Union, United Kingdom, and California (United States).
By creating an account or using Vigru, you acknowledge that you have read and understood this Privacy Policy. For details on how to exercise your data rights, see our Data Subject Rights page.
2. Information We Collect
Account Data
- Email address
- Name (if provided or obtained via Google OAuth)
- Profile picture (from Google OAuth, if applicable)
Content Data
- Text of messages you submit for scam analysis (SMS messages, emails, links, or other text)
Usage Data
- Timestamps of analyses performed
- Features used within the application
- Session duration
Technical Data
- Browser type and version
- Device type
- IP address (anonymized after collection)
What we do NOT collect:
- Location data
- Contact lists
- Browsing history
- Advertising identifiers
3. How We Use Your Information
We use your information to:
- Provide scam detection analysis — process the messages you submit and return a verdict
- Maintain and improve the service — monitor performance, fix bugs, and enhance accuracy
- Send service-related communications — account verification, security alerts, and policy updates
- Ensure security — detect abuse, prevent fraud, and protect our users
Important:
- We do NOT sell your data to anyone.
- We do NOT use your data for advertising or marketing purposes.
4. AI Processing
When you submit a message for analysis:
- The text is sent to third-party AI providers for scam detection analysis.
- Processing is transient — messages are not permanently stored by AI providers and are used solely for the purpose of generating a verdict.
- We may retain the analysis result (verdict: Safe, Suspicious, or Scam) for service improvement, but original message content is deleted within 30 days of analysis.
- AI analysis is fully automated — no human reviews your messages.
For more information about the limitations of AI analysis, see our AI Disclaimer.
5. Legal Bases for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a)) — when you create an account and submit messages for analysis, you consent to the processing described in this policy.
- Contract performance (Art. 6(1)(b)) — processing necessary to provide you with the Vigru service as described in our Terms of Service.
- Legitimate interest (Art. 6(1)(f)) — service improvement, security monitoring, and abuse prevention, where our interests do not override your fundamental rights.
6. Data Sharing
We share data with the following categories of service providers, strictly for the purposes described:
- Supabase — authentication and database services (data stored in EU data region)
- Vercel — hosting and content delivery (global CDN)
- Third-party AI providers — transient processing of submitted messages for scam analysis
We do NOT share your data with:
- Advertisers or ad networks
- Data brokers
- Social media platforms
- Any other third parties for marketing purposes
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Submitted messages | Deleted within 30 days of analysis |
| Analysis results (verdicts) | Retained for 90 days for service improvement |
| Usage logs | 12 months, then anonymized |
8. Your Rights Under GDPR (EU)
If you are located in the European Union, you have the following rights under the General Data Protection Regulation:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate personal data
- Right to erasure — request deletion of your personal data
- Right to restriction — restrict the processing of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw your consent at any time
- Right to lodge a complaint — file a complaint with your local data protection authority
For detailed instructions on exercising your rights, visit our Data Subject Rights page.
9. Your Rights Under CCPA/CPRA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to know — request disclosure of personal information we have collected about you
- Right to delete — request deletion of your personal information
- Right to opt-out of sale — we do not sell your personal information
- Right to non-discrimination — we will not discriminate against you for exercising your rights
“Do Not Sell My Personal Information” — Vigru does not sell, rent, or trade your personal information to third parties. Period.
10. Your Rights Under UK GDPR
If you are located in the United Kingdom, you have equivalent rights to those described under EU GDPR (Section 8 above). The relevant supervisory authority for UK residents is the Information Commissioner's Office (ICO).
11. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom. When this occurs, we ensure appropriate safeguards are in place:
- EU-US transfers — protected by Standard Contractual Clauses (SCCs) as approved by the European Commission
- UK transfers — protected by the UK International Data Transfer Agreement/Addendum
- We only transfer data to service providers who maintain appropriate security standards
12. Children's Privacy
Vigru is not intended for children under the age of 16 (European Union) or 13 (United States). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.
13. Security
We take the security of your data seriously and implement appropriate technical and organizational measures:
- Encryption in transit — all data is transmitted over TLS (HTTPS)
- Encryption at rest — stored data is encrypted using industry-standard algorithms
- Access controls — strict access controls limit who can access user data
- Regular security reviews — we conduct periodic reviews of our security practices
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
14. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you via the email address associated with your account before the changes take effect. Your continued use of Vigru after changes are posted constitutes acceptance of the updated policy.
15. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@vigru.ai
- Company: Books & Mirror, Inc., United States
See also: Cookie Policy · AI Disclaimer · Data Subject Rights