Last updated: 13 April 2026
Visisto Ltd (“Visisto”, “we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website (visisto.com) and platform (dash.visisto.com).
When you create a Visisto account, we collect your name, email address, and password (encrypted). If you upgrade to a paid plan, we collect billing information through our payment processor (Stripe). We never store full credit card numbers on our servers.
When you install the Visisto script on your website, we collect data about your website visitors who interact with Visisto widgets. This includes: email address (when voluntarily submitted via a widget), IP address (for geographic targeting, stored in hashed form), device type, browser, referring URL, pages visited, and widget interactions (impressions, clicks, conversions).
We collect information about how you use the Visisto platform: pages visited within the dashboard, features used, widgets created, emails sent, sequences configured, and integrations connected. This data helps us improve the product and provide support.
We do not sell your personal data to third parties. We do not use your data for advertising. We do not share your contact lists or email content with anyone.
We process your personal data under the following legal bases:
Your data is stored securely in the European Union (EU). We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest). Access to production data is restricted to authorised personnel via multi-factor authentication. We conduct regular security audits and penetration testing.
Passwords are hashed using bcrypt with a minimum cost factor of 12. API keys and webhook secrets are encrypted at rest. Database backups are encrypted and stored in a separate geographic region.
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days (except where retention is required by law — e.g., billing records retained for 7 years for tax purposes). Contact data collected through your widgets is retained as long as your account is active and is deleted within 30 days of account closure.
Under GDPR, you have the right to:
To exercise any of these rights, email support@visisto.com. We respond to all requests within 30 days.
The Visisto marketing website uses essential cookies only (session management, authentication). We do not use tracking cookies, advertising cookies, or third-party analytics on our marketing site.
The Visisto widget script placed on your website uses a first-party cookie to track widget display frequency (to enforce frequency caps). This cookie does not track users across websites and contains no personally identifiable information.
We use the following third-party processors:
All processors are GDPR-compliant with appropriate data processing agreements in place. We do not share data with processors beyond what is necessary to provide the service.
If you process personal data of EU residents through Visisto (e.g., collecting email addresses via widgets), Visisto acts as a data processor on your behalf. A Data Processing Agreement (DPA) is available on request — email support@visisto.com.
Visisto is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The “last updated” date at the top reflects the most recent revision.
For any privacy-related questions, concerns, or data subject requests, contact us: