Privacy Policy
Last updated: 9 May 2026
1. Introduction
Books & Mirror Inc., a Delaware corporation (“we,” “us,” or “our”), operates a web-based application available at https://vigru.ai that uses artificial intelligence to help you detect scams, phishing attempts, and fraudulent messages.
This Privacy Policy (“Policy”) explains how we collect, use, share, and protect your personal information when you access and use our website, web application, and related services (collectively, the “Service”). This Policy is incorporated into and forms part of our Terms of Service.
Please read this Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, do not use the Service.
2. Personal Information We Collect
We may collect the following categories of personal information:
Account and Contact Information
When you register, we collect your email address and, if you register through Google OAuth, your first and last name and profile picture as provided by Google. You may also voluntarily provide a display name.
User Content
We collect the messages, texts, screenshots, images, links, and other materials that you submit to the Service for analysis, which may incidentally contain personal information. You should not submit sensitive information including government identification numbers, financial account credentials, payment card numbers, or health information.
Communications
If you contact us by email or through the Service, we collect the information you choose to include, including your contact information, the contents of your message, and any attachments.
Usage and Technical Information
When you access or use the Service, we automatically collect certain information about your device and your interactions with the Service, including: your IP address; browser type and version; operating system; device type and identifiers; date and time of visits; pages and features you access; service features you use; duration of sessions; and analyses you perform; information about how you arrived at the Service, including referral URLs and marketing campaign identifiers (such as UTM parameters).
Marketing Communications
If you create an account, we may use your email address to send you onboarding and informational emails related to the Service, such as a welcome email sequence. You may unsubscribe from these emails at any time using the unsubscribe link included in each email.
What we do NOT collect:
We do not intentionally collect, use, or disclose information that qualifies as “sensitive personal information” under applicable U.S. state privacy laws, including government-issued identifiers, financial account access credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, health information, or sexual orientation.
3. How We Collect Your Personal Information
Directly from You
We collect information you provide directly when you create an account, submit user content for analysis, subscribe to a paid plan, contact us for support, or otherwise interact with the Service.
Automatically through the Service
As you navigate through and interact with the Service, we use automatic data-collection technologies to collect usage and technical information. The technologies we use may include cookies — small files placed on your device. You may refuse or disable cookies through your browser settings; however, certain features of the Service may not function properly.
The Service uses a small number of cookies and similar technologies that are strictly necessary to operate the Service. If you consent, we may also use analytics cookies and similar technologies (such as PostHog) to collect usage data and improve the Service. You can manage your cookie preferences at any time through the cookie consent banner. We do not use cookies for advertising or cross-context behavioral advertising. We do not permit third parties to set tracking cookies through the Service without your consent.
From Third Parties
We may receive information about you from third parties we engage to perform services on our behalf, including from Stripe (payment processing), Google (OAuth authentication), PostHog (product analytics), MailerLite (email marketing delivery and engagement metrics), and our infrastructure providers. We may combine information from these sources with information we collect directly from you.
4. How We Use Your Personal Information
We use the personal information described in this Policy for the following purposes:
- To provide the Service — to create and authenticate your account; receive, process, and analyze your user content; return verdicts and explanations to you; and provide other features you request.
- To process subscriptions — to process subscription enrollments, manage your plan, send subscription-related notices and receipts, and manage cancellations.
- To communicate with you — to send account-related communications, service updates, security notices, support responses, onboarding and welcome emails, and other administrative messages. You may opt out of non-essential marketing communications at any time by using the unsubscribe link in any email.
- To maintain and improve the Service — to operate, maintain, monitor, troubleshoot, and improve the Service, including developing new features, evaluating output accuracy, and conducting internal research.
- To ensure security — to detect, prevent, investigate, and respond to fraud, abuse, security incidents, unauthorized access, and other harmful activity, and to enforce our Terms of Service and other policies.
- To comply with law — to comply with applicable legal, regulatory, accounting, tax, and reporting obligations, and to respond to lawful requests from government authorities.
- With your consent — for any other purpose described to you at the time of collection or for which you otherwise provide your consent.
Important:
- We do NOT sell your personal information.
- We do NOT use or share your personal information for targeted advertising or cross-context behavioral advertising.
- We do NOT train machine learning models on your data without your prior consent.
5. Data Sharing
We share data with the following categories of service providers, strictly for the purposes described:
- Service Providers — We engage third-party sub-processors to support the operation of the Service, including cloud hosting and database providers (such as Supabase and Vercel); third-party AI providers (such as Google for Gemini and Cloud Vision OCR, xAI for Grok, Perplexity, and Anthropic for Claude); payment processors (Stripe); authentication providers (Google for OAuth); product analytics providers (PostHog, EU-hosted); and email marketing providers (MailerLite, for onboarding email delivery). These providers access personal information only as necessary to perform services on our behalf.
- Legal and Regulatory Compliance — We may disclose personal information if required to do so by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to protect our rights, the rights of users, or the safety of others.
- Business Transfers — In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction, subject to the protections of this Policy.
We have not sold personal information or engaged in cross-context behavioral advertising in the preceding 12 months and have no current plans to do so.
6. Data Retention
We retain personal information for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Policy, and comply with applicable legal, regulatory, accounting, and reporting obligations.
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Submitted user content | Deleted upon account deletion |
| Analysis results (verdicts) | Deleted upon account deletion |
| Usage logs | 12 months, then anonymized |
7. Your Rights
Depending on your state of residence, you may have the following rights with respect to your personal information:
- Right to know — request confirmation that we process your personal information and obtain access to the categories we hold about you.
- Right to access and data portability — request a copy of your personal information in a portable format.
- Right to correction — request that we correct inaccurate personal information.
- Right to deletion — request that we delete your personal information, subject to applicable legal exceptions.
- Right to opt out — opt out of any sale or sharing of personal information, targeted advertising, or profiling in furtherance of decisions with legal or similarly significant effects. We do not engage in any of these activities.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise any of the rights described above, please contact us at privacy@vigru.ai. We will respond within the timeframe required by applicable law (typically 45 days, with the possibility of one extension where permitted). You may designate an authorized agent to make a request on your behalf where permitted by applicable law.
8. Children's Privacy
The Service is not intended for, and we do not knowingly collect any personal information from, individuals under the age of 18. If we learn that we have collected or received personal information from a person under 18, we will delete that information unless we are legally required to retain it.
9. Security
We implement reasonable administrative, technical, and organizational measures designed to protect personal information from unauthorized access, use, alteration, or disclosure, including:
- Encryption in transit — all data is transmitted over TLS/HTTPS
- Encryption at rest — stored data is encrypted where supported by our infrastructure providers
- Access controls — authentication safeguards and strict access controls limit who can access user data
- Periodic security reviews — we conduct regular reviews of our security practices
No system or transmission over the internet is completely secure, and we cannot guarantee the absolute security of your personal information. If you believe your account credentials have been compromised, please contact us immediately at privacy@vigru.ai.
10. Changes to This Policy
We may update this Policy from time to time. For material changes, we will notify you via email or the Service before the changes take effect. Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised Policy.
11. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us at:
- Email: privacy@vigru.ai
- Company: Books & Mirror Inc., a Delaware corporation
See also: AI Disclaimer · Acceptable Use Policy