Privacy Policy

Vynix ("Vynix", "we", "us" or "our") provides a website-feedback and developer-context tool: a lightweight browser widget, a dashboard, an API and an MCP server that turn visual feedback into structured context for AI coding agents.

This Privacy Policy explains what we collect, why, and the choices you have. It applies to https://www.vynix.in, the dashboard, the API and the Vynix widget. It does not cover third-party websites that embed the widget. Those sites are run by their own operators under their own policies.

Vynix is used in two ways, and the responsibilities differ:

• Account holders (our customers): people who sign up, create projects and install the widget. For their account data, we act as the data controller.
• Feedback authors (site visitors): people who leave a note through a widget that a customer installed on their own site. For that feedback, the customer is the controller and Vynix acts as a processor, handling the data on the customer's behalf and instructions.

If you left feedback on someone else's website and want it changed or removed, please contact the operator of that website; we will support their request.

We collect only what we need to power the product: your account details, your projects, the annotation content you capture, and the billing and technical basics needed to run a reliable service.

Account information you give us: your name, email address, a securely hashed password, your workspace membership, and (if you sign in with a social provider — Google, GitHub, X, or LinkedIn) the basic profile and, where the provider shares it, the email address from that provider. We use this only to create and sign you into your account; we do not post anything on your behalf through social sign-in. (X does not share an email address, so an account created with X uses a placeholder address until you add your own.)

Project and feedback content: the notes you or your visitors capture, and the technical context attached to each note so an agent can act on it: the page URL and title, the element's CSS selector and XPath, its tag, classes, visible text, bounding box and computed styles, the viewport size, and recent browser console errors and failed network requests.

Screenshots you choose to attach: on a region note you can click "Attach screenshot", at which point your browser asks your permission to share the current tab and we capture a single still image of just the area you selected. It is only ever taken after you grant that permission, it is stored with the note you attach it to, and you can remove it before sending.

What we deliberately do not capture: request or response bodies, request or response headers, cookies, form values you did not type into a note, or full query strings. Captured URLs are reduced to their origin and path before they are stored. We never capture your screen automatically: screenshots happen only on an explicit click and a browser permission prompt. Runtime diagnostics can be switched off entirely with a single widget attribute.

Billing information: when you upgrade, payment is handled by our payment partners (Razorpay and PayPal). They process your card or payment-method details directly. We receive only a transaction reference and status, never your full card number.

Technical and usage data: standard server logs such as IP address, browser type, timestamps and the pages or API endpoints you request, used to keep the service secure and reliable.

Some data is so sensitive that Vynix is built never to ask for it or store it. The widget and extension are deliberately designed not to read or transmit, and our servers never intentionally collect:

• Passwords or saved browser credentials.
• Browser cookies or session cookies.
• Authentication tokens, bearer tokens, JWTs or API keys.
• The contents of localStorage or sessionStorage.
• Credit-card numbers or banking information.
• Values typed into password fields, or hidden form fields you did not deliberately capture into a note.

Payments are handled entirely by our payment partners, so card details never reach our servers. If you ever believe sensitive data has reached us by accident, email privacy@vynix.in and we will delete it.

• Provide, operate and maintain the dashboard, API, MCP server and widget.
• Turn your feedback into structured context, prompts and (when you ask) GitHub issues.
• Authenticate you, secure your account and prevent abuse or fraud.
• Process subscriptions and payments through our payment partners.
• Respond to your support requests and send essential service notices.
• Understand aggregate, non-identifying usage so we can improve the product.

We do not sell your personal information, and we do not use the content of your annotations to train our own or third-party machine-learning models.

We keep things minimal. The dashboard stores your signed-in session token in your browser so you stay logged in. The widget uses your browser's local storage to remember notes you are drafting before you send them. We do not use third-party advertising or cross-site tracking cookies.

We share data only with service providers that help us run Vynix, and only as needed:

• Payment processing: Razorpay and PayPal, to take payments securely.
• Source control: GitHub, only when you choose to connect a repository or open an issue from an annotation.
• Hosting and infrastructure: the servers and databases that run the service.
• Legal compliance: where we are required to by law, or to protect the rights, safety and security of our users and the service.

If Vynix is ever involved in a merger, acquisition or asset sale, we will continue to protect your information and will notify you before it becomes subject to a different policy.

When you connect GitHub, Vynix stores only the minimal metadata needed to link a project and open issues on your behalf: the repository id and name, the installation id, and which workspace the connection belongs to, plus the access token that authorises the connection.

Vynix does not clone, mirror, index or store your repository source code, and we do not train any model on your code. Repository details are fetched from GitHub only when a feature needs them, and your code is never cached on our servers.

Vynix lets you send the context you capture to external AI coding tools, either through the platform or with your own API key. When you export or send content to a provider such as Claude, OpenAI, Gemini, GitHub Copilot, Cursor or Codex, that data is processed under that provider's terms and privacy policy, not ours.

You choose what to send and when. We do not use the content of your annotations to train our own or any third-party models.

We keep your account and project data for as long as your account is active, and for a reasonable period afterwards for operational, security and legal purposes. You can delete annotations and projects at any time from the dashboard.

We may retain limited records for longer where the law requires it (for example, tax and billing records) or to resolve disputes and enforce our agreements. This is a retention policy, not an automated deletion schedule.

You can ask us to close your account and delete your personal data at any time by emailing privacy@vynix.in from your account address. We will action the request within a reasonable time, except for the limited records we are required to keep as described above.

Deleting a project removes its annotations, screenshots and related context. Account deletion is handled on request rather than fully automated, so please reach out and we will take care of it.

Connections to the dashboard, API and widget are encrypted in transit with HTTPS. Passwords are hashed, access tokens are signed, and feedback is scoped to the account and project that created it. No method of transmission or storage is ever completely secure, so while we work hard to protect your data we cannot guarantee absolute security.

Wherever you live, you can contact Vynix to request access to, correction of, a copy of, or deletion of your personal data, and to object to or restrict certain processing. Depending on your location these may be legal rights; we extend the same practical options to everyone.

You can do much of this yourself from the dashboard. To make a request, write to privacy@vynix.in; we may need to verify your identity before acting on it, and we will respond within a reasonable time.

Vynix is operated from India and your data may be processed on servers there or with the service providers listed above. Where data is transferred across borders, we rely on appropriate safeguards and the protections described in this policy.

Vynix is a tool for website owners and developers and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy as the product and the law evolve. When we make material changes we will update the date below and, where appropriate, notify you. Continuing to use Vynix after an update means you accept the revised policy.

Questions about this policy or your data? Email us at privacy@vynix.in and we will respond as soon as we can.