Privacy Policy for the Vjus.AI platform and services
Version: March 12, 2026
AtWize Business Services GmbH operates and provides the Vjus.AI platform and services. Together with its representatives, consultants, employees, board members and other agents (collectively "Vjus.AI", "we", "us" or "our"), it operates the website at www.vjus.ai (the "Website") as well as the services for analyzing the visibility of AI search queries via AI platforms such as ChatGPT (OpenAI), Gemini (Google) and Grok (xAI) and other internet searches (together with the Website, the "Services").
We respect and protect the privacy of users who use our services. The following provisions ("Privacy Policy") inform you about the types of information we may collect from you and how we collect, use, store, protect, and disclose this information. Personal data is any information relating to an identified or identifiable natural person; this includes, in particular, your name and email address .
This privacy policy informs you about the type, scope, and purposes of the processing of personal data when using our services. Your data is processed on the legal bases listed below. Where processing is based on your consent, we will obtain this separately.
Responsible
In accordance with the General Data Protection Regulation ("GDPR") , the services are provided and operated by AtWize Business Services GmbH , located at Baaderstr. 40, 80469 Munich, Germany. The contact person for inquiries regarding this privacy policy is the email address support@vjus.ai .
The contact information for our data protection officer can be found below:
Legal Data Schröder Rechtsanwaltsgesellschaft mbH, Dr. Georg F. Schröder, LL.M., Maximilianstr. 27, 80539 Munich, georg.schroeder@legaldata.law
Connection data
Whenever you access content from our services, connection data is transmitted to our web server. This connection data includes:
- IP address of the user,
- Date and time of the request,
- referring URL,
- Browser version and type,
- Device numbers such as UDID (Unique Device Identifier) and similar device numbers, as well as device information (e.g. B. Device type).
This connection data is not used to identify the user or to combine it with data from other sources, but serves solely to provide the website. The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in the technical provision of the services). The connection data is deleted after a maximum of 30 days, unless further storage is necessary for the investigation of security incidents.
Registration requirement
Our landing page can generally be used without providing personal data. There is no obligation to visit our landing page or provide personal data. However, the use of our web app or mobile app requires the provision of certain data.
For registration to use our web app or mobile app, we collect the following personal data:
- Name and email address ,
- Name of the company or organization,
- Business address,
- Company URL,
- The company's brand and product names,
- Type of company, business categories and specializations,
- Competitors of the company or affiliated companies,
- Further information about the company (e.g., financial and account information) and its cooperation partners is available .
The processing of this data is based on different legal grounds depending on the data category:
Name, email address, password, business address and company URL are required for the performance of the contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
We process brand and product names, business categories, specializations, and competitor information based on our legitimate interest in providing AI visibility analysis (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest lies in being able to perform the brand visibility analysis requested by the customer using AI . Providing this data is voluntary; however, the platform's functionality is limited without it .
Financial and payment information is processed via the payment service provider Stripe (see the separate section "Payment Processing"). The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
The processing of all registration data also serves to prevent misuse and ensure IT security (Art. 6 para. 1 sentence 1 lit. f GDPR).
The registration data will be stored for the duration of the contractual relationship and deleted within 90 days after its termination, unless legal retention obligations require longer storage.
Newsletter
When you subscribe to our newsletter via our website, we use the so-called double opt -in procedure. After you enter your email -address, we will send you a confirmation email with an activation link. Your subscription will only become effective after you click this link. We store the time of registration and confirmation, as well as your IP address, in order to be able to prove your consent.
The legal basis for sending the newsletter is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter email. Your data will be deleted immediately after withdrawal of consent, unless it may be processed further on another legal basis.
Data security
Please note that data transmission over the internet can have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Cookies
We use cookies and similar technologies to ensure the functionality of our platform and to analyze user behavior.
We store technically necessary cookies (e.g., session cookies for authentication) on the basis of Section 25 Paragraph 2 No. 2 of the German Telemedia Act (TMG), as they are absolutely essential for providing the service you have expressly requested. The legal basis under data protection law for processing the personal data collected in this context is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in the technical provision).
All other cookies (especially analytics and marketing cookies) are only set with your prior consent in accordance with Section 25 Paragraph 1 of the German Telemedia Act (TMG). The processing of the personal data collected in this context is based on Art. 6 para. 1 sentence 1 lit. a GDPR (consent). You grant or refuse your consent via our consent management tool upon your first visit to our website. You can revoke your consent at any time with effect for the future via the cookie banner or your browser settings.
Google Analytics
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website and in our web app. By default, Google Analytics 4 does not collect full IP-addresses; therefore, separate IP anonymization is no longer necessary. The data is collected to analyze user behavior on our website and app. Google may transfer the collected data to servers of Google LLC in the USA; Google LLC is certified under the EU-US Data Privacy Framework (Art. 45 para. 3 GDPR). In addition, we have agreed to the EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR) with Google.
The legal basis for this is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG, which you grant via our consent management tool. You can revoke your consent at any time with effect for the future via the consent management tool. For more information, please see Google's privacy policy at https://policies.google.com/privacy .
Use of AI-platforms (LLM providers)
To provide our analytics services, we send the prompts you have configured to the following AI-platforms to evaluate their responses to mentions of your brand and, if applicable, other brands, as well as related information (ranking, sentiment, etc.):
ChatGPT, operated by OpenAI, LLC, 3180 18th Street, San Francisco, CA 94110, USA ("ChatGPT"). OpenAI is certified under the EU-US Data Privacy Framework (Art. 45 para. 3 GDPR).
Gemini, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Gemini"). Google may transfer data to Google LLC in the USA; Google LLC is -certified under the EU-US Data Privacy Framework.
Grok, operated by xAI Corp., USA ("Grok"). For the transfer to xAI , we rely on the EU -Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR), as long as xAI is not certified under the EU-US Data Privacy Framework.
Perplexity, operated by Perplexity AI, Inc., San Francisco, CA, USA ("Perplexity"). Perplexity is -certified under the EU-US Data Privacy Framework, where applicable; otherwise, we base the transfer on EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).
Claude, operated by Anthropic PBC, 548 Market St., PMB 90375, San Francisco, CA 94104-5401, USA; EU branch: Anthropic Ireland Limited, Dublin, Ireland ("Claude"). Anthropic is not currently certified under the EU-US Data Privacy Framework; for data transfers, we rely on the EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).
Additional AI platforms may be added and will be listed on the website.
The transmitted prompts may contain brand names, industry information, locations, regions, and competitor names. Insofar as this information relates to individuals (especially in the case of sole proprietorships and freelancers), the transmission constitutes the processing of personal data.
To obtain the most realistic picture possible of brand visibility, we primarily use the AI platforms in the way a regular end user would, and not exclusively via API interfaces. The AI platforms process the submitted requests according to their respective terms of service and privacy policies. We expressly point out that, according to their own statements, the AI providers may use the submitted input to improve and train their models when used in this way. Vjus.AI has no influence on this data processing by the AI platforms.
The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of a contract), as querying the AI platforms is the core purpose of our services.
Payment processing (Stripe)
For processing payments, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
When you make a payment, your payment details (e.g., credit card number, expiration date, CVC) are transmitted directly to Stripe. Vjus.AI does not store complete credit card data on its own systems.
Stripe processes your payment data as an independent controller within the meaning of Article 4 No. 7 GDPR. Stripe may transfer data to Stripe, Inc. in the USA; Stripe, Inc. is -certified under the EU-US Data Privacy Framework (Article 45 Paragraph 3 GDPR).
The legal basis for transferring your payment data to Stripe is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of a contract). Further information on data processing by Stripe can be found in Stripe's privacy policy at https://stripe.com/de/privacy .
Hosting
Our website and platform are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Data processing takes place exclusively on servers located in Germany. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in the secure and efficient provision of our platform).
Content Delivery Network ( jsDelivr )
Our website uses the content delivery network jsDelivr, operated by Volentio JSD Limited, Suite 2a1, Northcliffe House, Young Street, London W8 5EH, United Kingdom Kingdom. When accessing content via jsDelivr, your IP address is transmitted to Volentio servers .
The primary transfer mechanism for data transfers to the United Kingdom is the European Commission's adequacy decision (Implementing Decision EU 2021/1772, Art. 45 para. 3 GDPR). For onward transfers to CDN nodes outside the United Kingdom and the EU, we rely on the EU -Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in the efficient and secure delivery of website content).
Data transmission
As part of the processing activities described above, we transfer personal data to recipients in third countries (in particular the USA and the United Kingdom). We base such transfers on the following hierarchy of transfer mechanisms:
We primarily utilize adequacy decisions of the EU Commission pursuant to Article 45 GDPR. For the USA, the EU-US Data Privacy Framework for certified companies applies (adequacy decision of 10 July 2023). For the United Kingdom, the adequacy decision (Implementing Decision EU 2021/1772) applies. As a supplement and secondary measure, we conclude EU-Standard Contractual Clauses pursuant to Article 46 (2 ) (c) GDPR. We rely on the derogations of Article 49 GDPR only to the extent that no adequacy decision and no suitable safeguards pursuant to Article 46 GDPR are available.
Furthermore, we would like to point out that when using the AI-platforms via their regular user interfaces (see section "Using AI Platforms"), data is processed according to the respective terms of service of the AI providers. In these cases, the transfer of data results from the intended use of the AI services and is subject to the privacy policies of the respective providers.
The specific transfer mechanisms for each recipient are detailed in the respective sections of this privacy policy.
Storage duration
Your data is protected against unauthorized access and loss through appropriate technical and organizational measures.
We only store your data for as long as is necessary to fulfill the respective purposes or as required by statutory retention periods. Specifically, the following periods apply:
- Connection data (server log files) is deleted after 30 days at the latest, unless longer storage is required in individual cases for the investigation or prevention of security incidents.
- Registration and account data are stored for the duration of the contractual relationship and deleted within 90 days of its termination, unless statutory retention obligations apply.
- Invoice data and payment information are subject to tax and commercial law retention periods of six or ten years from the end of the calendar year in which the contract was concluded (§ 147 AO, § 257 HGB).
- Newsletter data is stored until consent is withdrawn and then deleted immediately.
Your rights
You have the following rights with regard to your personal data: the right to information about the data we process (Art. 15 GDPR), the right to rectification of inaccurate data (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to processing insofar as it is based on Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 GDPR).
If you have given your consent to data processing (in particular for the newsletter or for analytics cookies), you can revoke this consent at any time with effect for the future (Art. 7 para. 3 GDPR). The revocation does not affect the lawfulness of the processing carried out before the revocation.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany (https://www.lda.bayern.de).
Automated decision-making
Automatically calculates metrics such as visibility scores, ranking positions, sentiment analysis, and source evaluations based on responses from AI platforms – both for your brand and for competitors you select. These analyses serve solely to inform our clients about their brand's visibility compared to competitors. No automated decision-making within the meaning of Article 22 GDPR takes place that has legal effect on you or similarly significantly affects you.
Obligation to provide data
Providing your email -address, name, and business address is contractually required. Without this information, no contract can be concluded and the platform cannot be used.
Providing brand information, competitor data, business categories and custom prompts is not mandatory for contract fulfillment, but it does limit the functionality and quality of the analysis results.
Changes to this privacy policy
This privacy policy will be updated as needed. The current version is always available on our website.
Only the German version of the Privacy Policy is legally binding. Any version in any other language (such as English) is a matter of courtesy only.
Vjus.AI operated by AtWize Business Services GmbH Munich, last updated: March 12, 2026