Effective Date: December 11, 2025
This Privacy Policy explains how MAIN INNOVATE LOGISTIC UP d.o.o. ("Company", "we", "us", or "our") collects, uses, stores, and protects personal data when you use our Service.
This Privacy Policy applies to the following domains and services operated by us:
Throughout this document, references to "the Service" include both domains and all associated subdomains.
We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
The data controller responsible for your personal data is:
MAIN INNOVATE LOGISTIC UP d.o.o.
Ulica 1. svibnja - Via Primo Maggio 4
52470 Umag, Istarska županija, Croatia
VAT Number: HR42367327103
Email: [email protected]
We have not appointed a Data Protection Officer (DPO) as we do not meet the threshold requirements under Article 37 of the GDPR. For any privacy-related inquiries, please contact us at the email address above.
We process personal data from three distinct categories of individuals:
When you register for and use a Visiono.io account, we collect:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed) | Account creation and authentication |
| Business Information | Company name, company logo, VAT number | Service customization and invoicing |
| Billing Information | Billing address, payment method (via Stripe) | Payment processing |
| Preferences | Timezone, language, notification settings | Service personalization |
| Usage Data | Login history, feature usage, API calls | Service improvement and support |
When Customers upload photos through links provided by Tenants (via visio.now or tenant-specific subdomains like [tenant].visio.now), we collect the following data on behalf of the Tenant (as Data Processor):
| Data Type | Details |
|---|---|
| Uploaded Photos | Image files captured via the interface |
| Stored encrypted | |
| Geolocation | GPS coordinates (if enabled) |
| Optional; Tenant decides if required | |
| Device Information | Device type, operating system, browser |
| For compatibility and debugging | |
| Technical Data | IP address, browser info, user agent |
| Security and rate limiting | |
| Timestamps | Date and time of upload |
| Audit trail | |
Important: For Customer data, the Tenant is the Data Controller and determines the purposes and means of processing. We process this data solely on the Tenant's instructions as their Data Processor.
When you use our Interactive Demo on visiono.io (without registration), we collect:
| Data Type | Purpose | Retention |
|---|---|---|
| IP Address | Rate limiting, abuse prevention | 48 hours |
| User Agent | Statistics, debugging | 48 hours |
| Demo Photo | Demo functionality | 48 hours |
| Event Timestamps | Analytics | 48 hours |
We do NOT collect from Demo users: GPS/geolocation data, names, email addresses, or any other personally identifiable information beyond what is listed above.
Under the GDPR, we process personal data based on the following legal bases:
| Legal Basis | GDPR Article | Processing Activities |
|---|---|---|
| Contract Performance | Art. 6(1)(b) | Account management, service provision, billing, support |
| Legitimate Interests | Art. 6(1)(f) | Security, fraud prevention, service improvement, analytics |
| Legal Obligation | Art. 6(1)(c) | Tax records, legal compliance, responding to authorities |
| Consent | Art. 6(1)(a) | Demo usage (explicit acceptance required), optional features |
For Customer data processed on behalf of Tenants: We act as a Data Processor under Article 28 GDPR. The Tenant (Data Controller) is responsible for ensuring an appropriate legal basis exists for collecting their Customers' data.
We use personal data for the following purposes:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period | Reason |
|---|---|---|
| Tenant Account Data | Duration of account + 30 days | Service provision |
| Billing/Invoice Records | 11 years from transaction | Croatian tax law requirements |
| Customer Photos (via Tenants) | As determined by Tenant | Tenant is Data Controller |
| Demo Data (photos, IP, etc.) | 48 hours | Data minimization |
| Server Logs | 30 days | Security and debugging |
| Analytics Data (Umami) | 24 months (aggregated) | Service improvement |
Upon account deletion or at the end of the retention period, personal data is permanently deleted or anonymized, except where retention is required by law.
When you delete a photo or your entire workspace, Visiono applies the following rules to external copies:
You can toggle these options at any time in Storage Settings → Photo Deletion Behavior. To exercise the GDPR right to erasure (Art. 17) across all locations, enable both toggles before deleting the relevant photos, or contact us using the details below.
We do not sell your personal data. We share personal data only with the following categories of recipients:
We use the following third-party service providers who may process personal data on our behalf:
| Provider | Purpose | Location | Data Processed |
|---|---|---|---|
| Hetzner Online GmbH | Cloud hosting infrastructure | Germany (EU) | All service data |
| Stripe, Inc. | Payment processing | USA (EU SCCs) | Billing data, payment info |
| Umami (self-hosted) | Privacy-friendly analytics | Germany (EU) | Aggregated, anonymized |
| Cloudflare, Inc. | CDN, DDoS protection, Turnstile | Global (EU SCCs) | IP address, request data |
We may also disclose personal data:
Your personal data is primarily stored and processed within the European Union (Germany) on servers operated by Hetzner Online GmbH.
When data is transferred outside the EU/EEA (e.g., to Stripe in the USA), we ensure appropriate safeguards are in place:
You may request information about the specific safeguards applied to transfers of your data by contacting us.
We implement appropriate technical and organizational measures to protect your personal data:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33. If the breach is likely to result in a high risk, we will also notify affected individuals directly (Article 34).
Under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at [email protected].
| Right | Description |
|---|---|
| Right of Access (Art. 15) | Request a copy of the personal data we hold about you |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete data |
| Right to Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") |
| Right to Restriction (Art. 18) | Request limitation of processing in certain circumstances |
| Right to Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Right to Object (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent (Art. 7) | Withdraw previously given consent at any time |
Response Time: We will respond to your request within one month. This period may be extended by two additional months for complex requests, in which case we will inform you.
Verification: We may need to verify your identity before processing your request to protect your data from unauthorized access.
Right to Complain: You have the right to lodge a complaint with a supervisory authority. For Croatia, this is the Agencija za zaštitu osobnih podataka (AZOP) at azop.hr.
This section applies to both visiono.io and visio.now (including all subdomains).
We use only strictly necessary (technical) cookies that are essential for the operation of our Service. These cookies:
We use Umami Analytics, a privacy-friendly, cookie-less analytics solution. Umami:
We do NOT use:
Visiono.io is designed for business use and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors.
If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected], and we will take steps to delete such information.
For Tenants: If your use case involves collecting photos from minors, you (as Data Controller) are solely responsible for ensuring compliance with applicable laws regarding children's data, including obtaining verifiable parental consent where required.
Understanding our respective roles is important for GDPR compliance:
We act as the Data Controller for:
We act as a Data Processor for:
As Data Processor, we process Customer data only according to the Tenant's instructions as documented in our Terms of Service and any Data Processing Agreement (DPA).
Tenants using Visiono.io to collect Customer data are responsible for:
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
MAIN INNOVATE LOGISTIC UP d.o.o.
Ulica 1. svibnja - Via Primo Maggio 4
52470 Umag, Istarska županija, Croatia
VAT Number: HR42367327103
Email: [email protected]
Website: https://visiono.io
Supervisory Authority: Agencija za zaštitu osobnih podataka (AZOP), Selska cesta 136, 10000 Zagreb, Croatia — azop.hr
By using Visiono.io, you acknowledge that you have read and understood this Privacy Policy.
Last updated: December 11, 2025