Privacy Policy
Last updated: 19 July 2026
Vinyard (“Vinyard”, “we”, “us”, “our”) provides an AI-assisted customer-messaging platform that helps businesses receive and reply to their customers’ messages — primarily on WhatsApp. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices and rights you have. Vinyard is operated from Israel; you can reach us anytime at [email protected].
1. Our two roles
Vinyard handles personal data in two capacities:
- As a controller — for the accounts of the businesses that sign up for Vinyard (our direct customers), for visitors to getviny.com, and for people who contact us.
- As a processor — for the customer conversations a business manages through Vinyard (messages, contact details, etc.). Here the business is the controller and decides how that data is used; we process it on their behalf under our agreement with them. If you are an end-customer of a business that uses Vinyard, please see “If a business uses Vinyard to talk to you” below.
2. Information we collect
Account & business information
- Account details: name, email address, and a hashed password.
- Business profile and settings you configure (business name, hours, AI instructions, knowledge-base content, team members).
- Messaging-channel credentials you connect (e.g. WhatsApp access tokens). These are encrypted at rest and used only to send and receive messages on your behalf.
Conversation data (processed on our customers’ behalf)
- The content of messages exchanged between a business and its customers, and related metadata (timestamps, delivery status, sender).
- Contact records for the business’s customers (e.g. name and phone number as provided by the messaging platform), notes, and tags.
Usage & technical data
- Log and device data such as IP address, browser type, and actions taken in the app, used for security, debugging, and improving the service.
- Leads submitted through our marketing site (name and email/phone) when you ask us to contact you.
3. How we use information
- To provide, operate, and secure the service.
- To generate AI-assisted reply suggestions and automated responses based on a business’s configuration and knowledge base.
- To send transactional messages (e.g. password resets, escalation alerts, lead notifications).
- To provide support, prevent abuse and fraud, and comply with legal obligations.
- To improve the service — using aggregated or de-identified data where possible.
Our legal bases (where GDPR applies) include performance of a contract, legitimate interests (operating and securing the service), consent (where required, e.g. marketing), and compliance with legal obligations.
4. Artificial intelligence
To generate replies, relevant message content and your business context are sent to our AI provider (OpenAI) through its API. We use AI providers on terms under which your data is not used to train their models. AI output can be imperfect; businesses remain responsible for reviewing and for the messages sent from their account.
5. Sub-processors
We rely on trusted third parties to run Vinyard. Each processes data only as needed to provide its service to us:
| Provider | Purpose |
|---|---|
| Meta Platforms (WhatsApp Business Platform) | Message delivery to/from WhatsApp |
| OpenAI | AI reply generation |
| Railway | Application hosting & database |
| Cloudflare | DNS, CDN, and site hosting |
| Resend | Transactional email delivery |
| Google Workspace | Business email |
We do not sell personal data.
6. Sharing & disclosure
We share personal data only: with the sub-processors above; with the business account that controls a given conversation; when required by law or to protect rights, safety, and security; and in connection with a business transfer (e.g. merger or acquisition), subject to this Policy.
7. International transfers
Some of our providers are located outside Israel and the EEA (e.g. in the United States). Where required, such transfers are made under appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.
8. Data retention
We retain account and conversation data for as long as an account is active and as needed to provide the service, then delete or de-identify it within a reasonable period, unless a longer period is required by law. A business can request deletion of its data at any time (see Data deletion).
9. Security
We use industry-standard measures to protect personal data, including encryption in transit (TLS), encryption of sensitive credentials at rest, access controls, and tenant isolation. No method of transmission or storage is 100% secure, but we work to protect your information and to promptly address any issues.
10. Your rights
Subject to applicable law (including the EU/UK GDPR and Israel’s Privacy Protection Law), you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, email [email protected]. If your data is processed by Vinyard on behalf of a business (as a processor), we will refer your request to that business or act on its instructions. You may also have the right to lodge a complaint with a supervisory authority.
11. If a business uses Vinyard to talk to you
If you messaged a business that uses Vinyard, that business is the controller of your conversation and its own privacy policy governs how it uses your data. For access or deletion, contact that business directly, or email us at [email protected] and we will route your request. See Data deletion for how to request removal of your data.
12. Cookies
Our web app uses essential browser storage to keep you signed in and remember preferences (such as language). Our marketing site uses minimal, privacy-respecting analytics. We do not use advertising cookies.
13. Children
Vinyard is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children.
14. Changes to this Policy
We may update this Policy from time to time. We will post the updated version here and revise the “Last updated” date; material changes will be communicated as appropriate.
15. Contact
Questions or requests? Email [email protected].