Legal
Privacy Policy
Effective date: May 27, 2026 · Vizier Inc.
Vizier is an AI chief of staff that connects to your Gmail, Google Calendar, and Slack to help you focus on what matters. This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. We keep this document accurate and plain-language — if something is unclear, email us at privacy@vizierapp.com.
1. Who We Are
Vizier is operated by Vizier Inc., a corporation incorporated in Delaware, USA. References to “Vizier,” “we,” “us,” or “our” in this policy refer to Vizier Inc.
For users in the European Union, United Kingdom, or European Economic Area: Vizier Inc. is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and UK GDPR.
Privacy contact: privacy@vizierapp.com
2. Information We Collect
We collect only what is necessary to provide the Vizier service. Below is a full account of every category of data we collect and its source.
a. Account information
When you sign in with Google, Firebase Authentication provides us with your:
- Name and email address
- Google profile photo URL
- Account creation timestamp and last sign-in timestamp
- The beta invite code used to create your account
This data is stored in our Firestore database and is the foundation of your Vizier account.
b. Google Workspace data (Gmail & Calendar)
This data is collected only if you explicitly connect your Google account from the Settings page. You can disconnect at any time.
Gmail: We request permission to read your inbox, read email threads, mark messages as read, compose drafts, and send emails on your behalf. We access email subjects, sender and recipient addresses, and body content to power inbox triage, AI draft generation, follow-up detection, and meeting prep features.
Google Calendar: We request permission to read your calendar events. We access event titles, start/end times, attendee lists, descriptions, and meeting links to power the calendar view, conflict detection, and AI meeting prep features.
OAuth access and refresh tokens are stored server-side in Firestore and are never exposed to your browser or any client-side code. Tokens are automatically refreshed and updated in our database. Revoking the connection in Settings immediately deletes all stored tokens.
c. Slack data
This data is collected only if you explicitly connect your Slack workspace from the Settings page. You can disconnect at any time.
We request permission to read your direct messages, group messages, and channel messages; read channel and user information; and send messages on your behalf when you explicitly trigger a send in the Vizier dashboard.
Slack access tokens are stored server-side in Firestore. Your workspace ID, workspace name, and Slack user ID are stored to identify your integration. Revoking the connection in Settings immediately deletes all stored tokens.
d. User-generated content
- Tasks: Tasks you create manually or approve from AI suggestions — including title, due date, priority, status, and source references.
- Memory entries:Facts about you that you explicitly save (e.g., “I prefer async over meetings”) or that the AI infers from your Vizier conversations when you have opted into memory inference. Memory entries include a type, content, source, and confidence score.
- Settings: Your preferences for morning briefing delivery, AI draft tone, timezone, city, and other configuration options.
- Onboarding state: Which onboarding steps you have completed, and whether you have dismissed the onboarding panel.
e. Analytics and usage data
We use Firebase Analyticson the Vizier marketing site (vizierapp.com). This collects page views, session duration, referrer information, and general engagement metrics. Firebase Analytics is operated by Google LLC, which processes IP addresses and device identifiers in accordance with Google's privacy policy.
We do not use analytics tracking inside the Vizier dashboard. No behavioral tracking, heatmaps, or session recording tools are used anywhere in the product.
You can opt out of Firebase Analytics by enabling Do Not Track in your browser, using a browser extension that blocks Google Analytics, or by adjusting your browser's privacy settings.
f. Cookies and session tokens
We set the following first-party cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
vizier_session | Authenticates your session after sign-in | 14 days | HttpOnly, Secure, essential |
vizier_beta | Tracks your beta invite code for account creation | 30 days | HttpOnly, Secure, essential |
We do not use advertising cookies, cross-site tracking cookies, or any third-party cookies for marketing purposes.
g. Server log data
Our infrastructure (Firebase / Google Cloud) automatically generates server logs that may include your IP address, browser user agent, request timestamps, and HTTP response codes. These logs are used for security monitoring and infrastructure operations. Vizier does not independently store or analyze server log data beyond what Google Cloud retains per its default policies.
3. How We Use Your Information
We use the data described above to:
- Operate the service: Authenticate your account, load your dashboard, and sync your data across sessions.
- Power AI features:Read your Gmail threads, calendar events, and Slack messages to generate summaries, draft replies, detect tasks, flag follow-ups, and prepare meeting briefs. Content is processed via Firebase AI Logic (Google Vertex AI) on Google's infrastructure, as described in Section 5.
- Send morning briefings: Deliver your configured daily email summary through our email delivery provider (Resend) at the time and on the days you select.
- Personalize your experience: Apply your saved memory entries and preferences to AI drafts, summaries, and Vizier conversations.
- Security and fraud prevention: Detect unauthorized access, investigate abuse, and protect the integrity of user accounts.
- Improve the product: Understand aggregate usage patterns (e.g., which features are used) in ways that do not identify individual users.
- Comply with legal obligations: Respond to lawful requests from public authorities and fulfill our obligations under applicable law.
We never use your email content, calendar data, or Slack messages to train AI models — ours or anyone else's. AI processing is handled by Firebase AI Logic (Google Vertex AI), which runs entirely within Google's infrastructure under Google's data processing terms. Google does not use API inputs to train its models.
4. Legal Bases for Processing (GDPR)
For users in the EU, UK, and EEA, we process personal data under the following legal bases as defined by Article 6 of the GDPR:
| Processing activity | Legal basis |
|---|---|
| Account creation, authentication, and session management | Performance of a contract (Art. 6(1)(b)) |
| Core features: inbox, calendar, Slack, AI drafts, task detection | Performance of a contract (Art. 6(1)(b)) |
| Morning briefing emails | Performance of a contract (Art. 6(1)(b)) |
| AI memory inference (opt-in setting) | Consent (Art. 6(1)(a)) |
| Firebase Analytics on the marketing site | Legitimate interest (Art. 6(1)(f)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent (AI memory inference), you can withdraw consent at any time by disabling the “Memory inference” toggle in Settings. Withdrawal does not affect the lawfulness of processing before withdrawal.
5. Data Sharing and Third-Party Services
We do not sell your personal data. We do not share your data with advertisers or data brokers. We share data only with the following service providers, strictly to operate Vizier:
| Provider | Purpose | Data shared |
|---|---|---|
| Google LLC Firebase Auth, Firestore, Cloud Run, Firebase AI Logic (Vertex AI) | Authentication, database storage, application hosting, and AI processing for summaries, drafts, task detection, meeting prep, and Counsel chat | All account data, settings, tasks, memory, and integration tokens stored in Firestore; excerpts of email threads, calendar events, and Slack messages — only when you invoke an AI feature |
| Resend Inc. Email delivery | Delivering your morning briefing email | Your email address and the briefing content (email subjects, event titles, task titles) |
| Slack Technologies LLC Slack API | Reading your Slack messages and sending messages on your behalf | OAuth tokens; message content you choose to send through Vizier |
All providers are contractually bound to process your data only on our instructions, to maintain appropriate technical and organizational security measures, and not to use your data for their own purposes.
We may disclose personal data if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
6. Data Retention
We retain your personal data for as long as your account is active. When you request account deletion:
- Firestore data (account record, settings, tasks, memory, integration tokens) is deleted immediately upon a verified deletion request.
- Google and Slack tokens are revoked via the respective OAuth revocation endpoints at the time of deletion.
- Firebase Authentication record is permanently deleted.
- Infrastructure backups (Google Cloud automated backups) may retain a copy of your data for up to 7 days after deletion, after which it is irreversibly purged.
- Legal holds: We may retain specific data longer if required by applicable law (e.g., tax records, legal proceedings).
To request account deletion, email privacy@vizierapp.com with the subject line “Delete my account” from the email address associated with your account.
7. Security
We take the security of your data seriously, particularly given that Vizier connects to sensitive services like your email and calendar. Our security measures include:
- All Firestore data is accessed exclusively through the Firebase Admin SDK on our servers. Firestore security rules deny all client-side reads and writes — your data cannot be accessed directly from a browser or mobile app.
- OAuth tokens for Google and Slack are stored server-side and are never included in API responses or exposed to client-side code.
- Session cookies are marked
HttpOnlyandSecure, preventing JavaScript access and transmission over unencrypted connections. - All data in transit is encrypted via TLS 1.2 or higher.
- Firebase encrypts all data at rest using AES-256.
- Access to our production infrastructure is restricted to authorized personnel only.
Despite these measures, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@vizierapp.com.
8. Your Rights
Regardless of where you are located, you have the following rights with respect to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Deletion: Request that we delete your account and all associated data.
- Disconnection: Revoke Google or Slack access at any time from the Integrations section in Settings — this immediately deletes stored OAuth tokens.
Additional rights for EU/UK users (GDPR)
- Right of access (Art. 15) — obtain confirmation of whether we process your data and receive a copy of it.
- Right to rectification (Art. 16) — have inaccurate data corrected without undue delay.
- Right to erasure (Art. 17) — have your data deleted where it is no longer necessary, you withdraw consent, or processing is unlawful.
- Right to restriction of processing (Art. 18) — request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format and transmit it to another controller.
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent — at any time, for processing based on consent (AI memory inference), without affecting past processing.
- Right to lodge a complaint— with your local supervisory authority (e.g., the ICO in the UK, or your EU member state's data protection authority).
Additional rights for California residents (CCPA)
- Right to know — what personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to delete — request deletion of personal information we have collected from you.
- Right to opt out of sale — we do not sell, rent, or share your personal information for cross-context behavioral advertising.
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, email privacy@vizierapp.com. We will verify your identity before processing your request. We respond to GDPR requests within 30 days and CCPA requests within 45 days, with an extension of up to 90 days where necessary.
9. Children's Privacy
Vizier is designed for professional use and is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under the age of 18.
If you believe we have inadvertently collected personal data from a minor, please contact us immediately at privacy@vizierapp.com and we will delete that data promptly.
10. International Data Transfers
Vizier Inc. is headquartered in the United States. Our infrastructure (Firebase / Google Cloud) operates primarily in the United States. If you are located in the European Union, United Kingdom, or European Economic Area, your personal data will be transferred to and processed in the United States.
We take steps to ensure that such transfers are carried out in accordance with applicable law. Where required by the GDPR or UK GDPR, we rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) as approved by the European Commission or the UK Information Commissioner's Office.
For more information about the safeguards in place, contact us at privacy@vizierapp.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The “Effective date” at the top of this page will always indicate when the current version was last updated.
For material changes — those that significantly affect how we collect or use your data — we will provide prominent notice by email (sent to the address associated with your account) and/or by a notice within the Vizier dashboard, at least 14 days before the changes take effect.
Your continued use of Vizier after changes become effective constitutes your acceptance of the revised policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out:
Vizier Inc.
Email: privacy@vizierapp.com
For EU/UK data subject rights requests, you also have the right to contact your local data protection authority.