Legal
Privacy Policy
Effective date: 25 May 2026
This Privacy Policy explains how V1 Generation d.o.o. (“v1rtual”, “we”, “us”) collects, uses, and shares personal data when you visit v1rtual.ai or use any service we provide through it. We follow the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Croatian Act on the Implementation of the GDPR.
1. Data controller
The controller of your personal data is:
2. What we collect and why
We only process the data you actively provide or that is strictly necessary to operate the site:
a) Account data (when you sign in with Google)
- Full name, email address, profile picture URL provided by Google.
- Internal session and access tokens used to keep you signed in.
Purpose: authenticate you and authorise access to features reserved for signed-in users (early-access flows, admin tools).
Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
b) Contact and early-access form submissions
- Name and email address (required).
- Optional details you provide: role, company size, industry, intended use case, and timeline.
Purpose: reply to your enquiry and assess fit for early access.
Legal basis: our legitimate interest in responding to inbound enquiries (GDPR Art. 6(1)(f)) and pre-contractual steps at your request (Art. 6(1)(b)).
c) Technical and server logs
- IP address, user agent, timestamps, requested URLs, response codes.
- Error traces produced by the application or web server.
Purpose: operate, secure, and debug the site; defend against abuse.
Legal basis: legitimate interest in keeping the service available and secure (GDPR Art. 6(1)(f)).
We do not use third-party analytics, advertising trackers, or marketing pixels on this site.
3. Cookies and similar technologies
We use only strictly-necessary cookies required for authentication (the Auth.js session cookie) and to remember non-personal preferences such as edit mode for administrators. No cookies are used for analytics, profiling, or advertising.
4. Sub-processors and recipients
We share personal data with the following service providers strictly to operate the site:
- Google Ireland Limited & Google LLC — Google OAuth for sign-in; Gmail SMTP for sending contact-form notifications to our team.
- Epic Games, Inc. — Pixel Streaming signalling infrastructure used by the Split and Experience modes (only when you actively enter those modes).
- Our hosting and database providers — used to host the application and store your data within the European Economic Area where possible.
We do not sell personal data and we do not share it for advertising purposes.
5. International transfers
Some sub-processors listed above are based outside the European Economic Area. Where this applies, transfers are protected by the European Commission's Standard Contractual Clauses (2021/914) and, where relevant, supplementary technical measures.
6. How long we keep data
- Account data: for as long as your account exists, and up to 30 days after you ask us to delete it.
- Contact and early-access submissions: up to 24 months after your last interaction with us, then deleted or anonymised — unless a longer period is required by law.
- Technical logs: typically 30–90 days, longer where needed for security investigations.
7. Your rights
Under the GDPR you have the right to:
- access your personal data and obtain a copy;
- have inaccurate data corrected;
- request erasure of your data (“right to be forgotten”);
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw any consent you previously gave, without affecting prior lawful processing.
To exercise any of these rights, email contact@v1gen.com. We will respond within one month.
You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka — AZOP), azop.hr, or with the supervisory authority in your country of residence.
8. Security
We apply appropriate technical and organisational measures to protect personal data — including encrypted transport (HTTPS), encrypted credentials at rest where supported, least-privilege access, and routine review of who can access administrative tools. No system is perfectly secure, but we take reasonable steps proportionate to the sensitivity of the data we hold.
9. Children
The site is not directed to children under 16. We do not knowingly collect data from anyone under that age. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on this page with an updated effective date. Continued use of the site after a change indicates acceptance of the revised policy.
11. Contact
Questions about this policy or your data? contact@v1gen.com.