Privacy Policy
Effective May 18, 2026
1. Who we are
Vexpose ("we", "us") is the operator of the Service. Reach us at privacy@vexpose.com.
2. What we collect
- Account data: email address, hashed password, timestamps.
- Organization data: business name, logo you upload, URL slug.
- Scan data: the two photos taken during a scan, computed angles, and the annotated result image.
- Usage data: standard server logs (IP, user agent, page URL) for security and debugging.
3. How we use it
- To run the Service (store scans, render branded pages).
- To authenticate you and protect your account.
- To respond to support requests.
- To improve product quality (aggregate, non-identifying).
4. Where photos live
Pose detection runs in the client's browser. The two photos and the annotated result are uploaded to our storage provider (Supabase Storage) so you and the client can revisit the report. Photos are stored in private buckets accessible only via the result link, and are deleted within 24 hours of account deletion.
5. Third parties
- Supabase — auth, database, storage (hosted on AWS).
- Vercel — application hosting.
- TensorFlow.js + MoveNet — pose detection runs locally; no scan data is sent to Google.
6. Your rights (GDPR / CCPA / similar)
You can:
- Request a copy of your data;
- Request deletion of your data (also via Settings);
- Object to or restrict certain processing;
- Lodge a complaint with your local data protection authority.
7. Children
The Service is not directed to children under 16. If you learn a child has provided us personal data, contact us and we will delete it.
8. Security
We use TLS in transit, server-side encryption at rest, and row-level security to scope reads and writes. No system is perfectly secure — please use a strong, unique password.
9. Changes
Material changes are announced with reasonable notice via email or in-product banner.