Privacy Policy

Effective May 16, 2026

What VistaVault is

VistaVault is a hosting platform built specifically for 3DVista virtual tours. Subscribers get a dedicated hosting environment, a personal subdomain at username.vistavault.net, and a dashboard for uploading tours, managing access, and monitoring usage. This policy covers data we collect from subscribers and from visitors who view hosted tours.

Information we collect from subscribers

Account data. When you register, we collect your email address, username, and display name. Your password is hashed using a one-way algorithm before storage. We never store or transmit your password in plain text.

Tour content. ZIP files you upload and the extracted tour assets are stored in your dedicated hosting environment. You own this content. We do not inspect, index, or process it beyond what is necessary to serve it to your visitors.

Usage metrics. We track how much storage your tours consume and how much bandwidth your tours transfer each billing cycle. These figures are displayed in your dashboard and used to enforce your plan limits.

Session data. When you sign in, we set a single HTTP-only, Secure, SameSite=Strict session cookie. It expires when you sign out or after 14 days of inactivity. No other cookies are set on your browser.

Information we collect from your tour visitors

When someone loads one of your hosted tours, we log the timestamp, the referring URL, and a broad traffic source category (direct, referral, social). This data is aggregated to generate the analytics shown in your dashboard: view counts, traffic sources, and referrer breakdowns.

We do not retain raw IP addresses after processing. We do not use visitor data for advertising, profiling, or any purpose other than generating your analytics.

What we do not do

  • We do not sell or rent subscriber or visitor data to any third party.
  • We do not place advertising tracking cookies on your browser or your visitors' browsers.
  • We do not track subscribers across other websites.
  • We do not use your tour content to train machine learning models.

How we use your information

  • To operate your account and serve your tours.
  • To display storage and bandwidth usage in your dashboard.
  • To send transactional emails: account confirmation, password resets, and billing receipts. We do not send marketing email.
  • To enforce plan limits and detect abuse or unauthorized access.

Third-party services

Akamai Technologies. Your tour files are stored and served on Akamai's cloud infrastructure. Akamai processes data on our behalf under a data processing agreement.

Cloudflare. All traffic to your subdomain passes through Cloudflare for SSL/TLS termination and DNS. Cloudflare may log request metadata per their own privacy policy.

Payment processing. Billing is handled by our payment processor. We do not store full card numbers or CVVs on our servers. Payment data is governed by our processor's PCI-compliant systems.

Data retention

  • Account data: retained while your account is active. Deleted within 30 days of verified account closure.
  • Tour files: deleted immediately when you delete a tour, or within 30 days of account closure.
  • Visitor logs: raw logs purged after 90 days. Aggregated monthly analytics are retained indefinitely.
  • Backups: encrypted backups are retained for up to 30 days, then permanently deleted.

Your rights

You can delete any tour from your dashboard at any time. You can update your account email and display name from your profile settings. To close your account and request deletion of all associated data, contact us at the address below. We will confirm and complete deletion within 30 days.

If you want a copy of the personal data we hold about your account, email us and we will provide it within 14 days.

Security

Each subscriber's tours are isolated in a dedicated hosting environment. Subscribers cannot access each other's files, subdomains, or analytics. All traffic is served over HTTPS. Session cookies are HTTP-only and Secure. Passwords are hashed and salted.

Changes to this policy

If we make material changes, we will update the effective date at the top of this page and notify subscribers by email at least 14 days in advance.

Contact

Privacy questions or data requests: [email protected]