Skip to main content
Vireon Dynamics

Legal

Privacy Policy

Last updated 2026-06-03. Questions: contact us from the About page or email listed in our Privacy Policy.

1. Who we are

Vireon Dynamics (Vireon Dynamics) operates vireondynamics.com, customer accounts, billing, and optional cloud services for Liminal AI. We are based in Australia. Contact: admin@vireondynamics.com.

2. Scope

This Privacy Policy covers:

  • Our marketing website and documentation links
  • Vireon accounts (sign-up, login, OAuth)
  • Paid plans (Pro, Team, Enterprise) and Stripe billing
  • Managed inference and inference credit purchases
  • Team org features (invites, audit logs, shared memory sync)
  • Contact and newsletter lead forms

Running Liminal Community Edition locally without a Vireon account is governed primarily by the software license — we do not receive your prompts, code, or session files unless you opt into cloud features.

3. Information we collect

Account & identity

When you create an account we collect email, optional name, authentication identifiers, and session tokens via Supabase Auth. OAuth providers (e.g. Google, GitHub) may share profile basics according to your provider settings.

Billing

Stripe processes payments. We store Stripe customer and subscription IDs, plan tier, seat counts, invoice references, and license metadata — not full card numbers.

Managed inference

When you use Vireon-managed inference we record request metadata needed for billing and abuse prevention: model identifier, token counts, approximate cost, request id, endpoint, and timestamps. We do not store prompt or completion text in the default configuration described in our internal ops docs.

Team & org

Team plans store organization name, member emails, roles, invite tokens, policy/fleet configuration you set, and audit events you generate through admin APIs.

Cloud sync (Pro/Team)

If you enable cloud memory or session history, we store the note/vault/session payloads you upload to the control plane, encrypted in transit (TLS). You can delete account-linked data by contacting us or using account tools where available.

Website & analytics

With your consent, we use analytics (Google Analytics and/or Plausible) to collect aggregated usage data — pages viewed, referrers, device/browser type, approximate geography. See our Cookie Policy.

Communications

If you submit a lead form or contact message we store your email and message content. Transactional email (welcome, billing, invites) is sent via Resend or similar providers.

4. How we use information

  • Provide and secure accounts, licenses, and cloud features
  • Process payments, refunds, and tax/compliance records
  • Operate managed inference metering and rate limits
  • Send service, security, and billing notices
  • Improve the product and website (with consent for analytics)
  • Detect fraud, abuse, and violations of our Acceptable Use Policy
  • Comply with law and enforce our Terms

5. Legal bases (EEA/UK)

Where GDPR applies, we rely on: contract (accounts and paid services); legitimate interests (security, abuse prevention, product improvement with balancing tests); consent (non-essential analytics and marketing email where required); and legal obligation (tax and financial records).

6. Sharing & processors

We use subprocessors to run the service, including:

  • Supabase — authentication and database hosting
  • Stripe — payments and billing portal
  • Vercel — website and API hosting
  • Resend (or equivalent) — transactional email
  • Google Analytics / Plausible — analytics (consent-gated)
  • LLM upstream providers (e.g. via OpenRouter) — inference routing only; governed by their terms when you use managed inference

We do not sell personal information. We may disclose data if required by law or to protect rights and safety.

7. International transfers

Our processors may store or process data in the United States, EU, or other regions. Where required, we use appropriate safeguards (e.g. Standard Contractual Clauses via processor programs). Enterprise customers may request a DPA — see Data Processing Addendum.

8. Retention

  • Account data: while active + reasonable period after deletion
  • Billing/tax records: as required by law (typically 5–7 years in AU)
  • Inference usage logs: billing and abuse windows (typically ≤ 24 months)
  • Analytics: per provider defaults or until consent withdrawn

9. Your rights

Depending on your location you may have rights to access, correct, delete, restrict, object, or port personal data, and to withdraw consent for analytics/marketing.

Australia: You may complain to the OAIC if we do not resolve privacy concerns.
EEA/UK: You may lodge a complaint with your supervisory authority.

Requests: admin@vireondynamics.com. We may verify identity before fulfilling requests.

10. Security

We use TLS, access controls, signed license tokens, webhook signature verification, and least-privilege service keys. No method is 100% secure — report issues responsibly via admin@vireondynamics.com.

11. Children

Our services are not directed to children under 16. We do not knowingly collect their data.

12. Changes

We may update this policy. Material changes will be posted here with a new “Last updated” date. Continued use after changes constitutes acceptance where permitted by law.

13. Contact

Vireon Dynamics
Email: admin@vireondynamics.com
Governing privacy law reference: Australian Privacy Act 1988 (APPs) and applicable local laws.
Technical docs: https://docs.vireondynamics.com

This page is provided for transparency and is not legal advice. For enterprise contracts or custom terms, email our team.