Privacy Policy
Last updated: June 10, 2026
1. Who We Are (Data Controller)
The Vigmis platform is operated by Taurus Management and Investments Ltd. (טאורוס ניהול והשקעות בע"מ), Company No. 514565118, registered in Israel, with offices at 25 Mabshovitz Binyamin St., Herzliya 4640525, Israel ("Vigmis", "we", "us").
We are the Data Controller for personal data collected through vigmis.com and the Vigmis dashboard. For all privacy-related inquiries: privacy@vigmis.com.
Note: The contracting entity may update to VIGMIS US LLC (Wyoming, USA) once that entity is established. This policy will be updated accordingly and users will be notified.
2. Information We Collect
Account & identity data
- Name and email address — provided during sign-up via Clerk (our authentication provider)
- Profile preferences and notification settings
Business & onboarding data
- Business name, website URL, industry, and description
- Advertising budget, campaign goals, and geographic targeting preferences
- Brand assets, tone of voice, and creative preferences you provide
- Information about your products, services, and target audience
Ad platform credentials
- OAuth access tokens for Google Ads, Meta (Facebook/Instagram), and TikTok Ads
- We store tokens in encrypted form and use them solely to manage your campaigns
- Campaign performance data retrieved from connected platforms
Usage and technical data
- Dashboard interactions, features used, and session activity
- IP address, browser type, and device information
- System logs for error diagnosis and security monitoring
Billing data
- Payment is processed entirely by Stripe. We do not store or access your credit card numbers.
- We retain billing history (amounts charged, invoices) for tax and legal compliance.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing your account information, business data, and ad platform credentials is necessary to provide the Vigmis service you have subscribed to.
- Legitimate interests (Art. 6(1)(f) GDPR): We process usage data, logs, and aggregated analytics to improve service quality, diagnose errors, and ensure security — where these interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c) GDPR): We retain billing records and audit logs as required by applicable tax and financial regulations.
- Consent (Art. 6(1)(a) GDPR): Where you have opted in to WhatsApp or email performance alerts, we rely on your consent, which you may withdraw at any time from Dashboard → Settings → Notifications.
4. How We Use Your Data
- Creating, launching, and optimising advertising campaigns on your behalf
- Generating AI-powered campaign strategies, creative content, and performance analysis
- Calculating and charging our management fee via Stripe
- Sending performance alerts via WhatsApp and email (only where you have opted in)
- Providing customer support and responding to your requests
- Improving our AI models and platform features using anonymised, aggregated data
- Detecting and preventing fraud, abuse, and security incidents
- Complying with legal and regulatory obligations
We do not use your data for advertising to third parties and we do not sell your personal data.
5. Data Sharing & Sub-processors
We do not sell your data. We share data only with the third-party providers listed below, each of whom is contractually bound to process your data only as instructed and to maintain appropriate security:
| Provider | Purpose | Location |
|---|---|---|
| Clerk | Authentication & user identity | USA |
| Supabase | Database & file storage | USA / EU |
| Stripe | Payment processing & invoicing | USA |
| Railway | Application hosting & infrastructure | USA |
| Cloudflare | CDN, image storage (R2), DDoS protection | Global |
| OpenAI | AI content generation & analysis | USA |
| Anthropic | AI strategy & campaign intelligence | USA |
| Google (Ads, Analytics) | Campaign management & performance data | Global |
| Meta (Facebook/Instagram) | Campaign management & performance data | USA / Ireland |
| TikTok | Campaign management & performance data | USA / Singapore |
| Twilio | WhatsApp alert delivery (opt-in only) | USA |
| SendGrid (Twilio) | Transactional email delivery | USA |
| Taurus Management Ltd. | Software development & infrastructure operations (sub-processor) | Israel |
6. International Data Transfers
Vigmis is operated from Israel, and your data may be processed in the United States and other countries where our sub-processors operate. These countries may have data protection laws that differ from those in your home country.
Israel: The European Commission has recognised Israel as providing an adequate level of data protection for personal data transferred from the EEA (Adequacy Decision 2011/61/EU). Transfers to Israel do not require additional safeguards.
United States and other countries: Where we transfer data to sub-processors in countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on other lawful transfer mechanisms. You may request a copy of the applicable transfer safeguards by contacting privacy@vigmis.com.
7. Data Retention
- Account & campaign data: Retained for the duration of your account. Upon account deletion, data is permanently removed within 30 days.
- Billing & invoice records: Retained for 7 years as required by applicable tax laws, even after account deletion.
- Security & audit logs: Retained for 12 months for fraud prevention and incident response.
- Ad platform OAuth tokens: Deleted immediately upon account deletion or platform disconnection.
- Anonymised aggregated data: May be retained indefinitely for service improvement purposes.
8. Your Rights
Rights under GDPR (EEA & UK users)
- Right of access (Art. 15): Request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data, subject to our legal retention obligations.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to restrict processing (Art. 18): Request that we limit how we process your data in certain circumstances.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA within the EU).
Rights under CCPA (California residents)
- Right to know: Request disclosure of the personal information we have collected about you and the purposes for collection.
- Right to delete: Request deletion of personal information we have collected, subject to legal exceptions.
- Right to opt-out of sale: We do not sell personal information. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of the above rights, contact us at privacy@vigmis.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
9. Cookies & Tracking
We use the following cookies and similar technologies:
- Essential cookies: Required for authentication and session management, provided by Clerk. Cannot be disabled without affecting core functionality.
- Security cookies: Used to detect and prevent fraudulent activity.
We do not use advertising cookies, third-party tracking pixels, or behavioural profiling cookies. We do not use Google Analytics or similar tracking tools on our marketing pages.
10. Children's Privacy
The Vigmis platform is intended for use by businesses and professionals aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at privacy@vigmis.com and we will delete it promptly.
11. Data Deletion
To delete your account and all associated data:
- Go to Dashboard → Settings → Danger Zone → Delete Account
- Or email privacy@vigmis.com
Upon deletion, your campaigns are paused, all platform OAuth connections are revoked, and your data is permanently removed within 30 days. Billing records are retained as required by law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The current version is always available at vigmis.com/privacy. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact
For all privacy-related requests and inquiries:
privacy@vigmis.com
Taurus Management and Investments Ltd., 25 Mabshovitz Binyamin St., Herzliya 4640525, Israel