Privacy Policy

We collect information you provide directly to us when you create an account, build your profile, purchase a product or NFC card, or contact us for support. The types of data we collect include:

• Account data: name, email address, and password (stored as a one-way hash).
• Profile data: display name, biography, profile photo, links, services, products, and social handles you add to your VRsion One page.
• Transactional data: billing address, last four digits of payment card, and purchase history.
• Device and usage data: IP address, browser type, pages visited, and interactions with your profile and dashboard.
• Communications: messages you send to our support team or feedback you submit via in-app tools.

We do not collect sensitive personal data such as government ID numbers, health records, or biometric information.

VRsion One uses the information we collect to operate, maintain, and improve our services. Specifically, we use your data to:

• Create and manage your account and digital identity profile.
• Process payments and fulfil orders for NFC cards and premium plans.
• Deliver profile analytics, view counts, and lead capture summaries to you.
• Send transactional emails such as order confirmations, security alerts, and account notifications.
• Respond to your support requests and improve our documentation.
• Detect and prevent fraud, abuse, and security incidents.
• Send you product updates, tips, and announcements if you have opted in.

We do not use your data to build advertising profiles or sell it to third-party advertisers.

Your profile page is public by default unless you explicitly set it to private within your account settings. Any content you add to your profile — including links, services, media embeds, and product listings — will be visible to anyone who accesses your profile URL, QR code, or NFC card.

You are responsible for the accuracy and legality of content you publish to your profile. VRsion One acts as a hosting and presentation platform and does not editorially review public profile content.

You may update, hide, or permanently delete your profile and all associated data at any time from your account settings. Deletion requests are processed within 30 days.

We use first-party cookies and similar technologies to maintain your session, remember your preferences, and collect anonymised usage statistics. Our analytics infrastructure measures profile views, link clicks, geographic reach, and device types to help you understand how your audience engages with your content.

• Session cookies: required for login and dashboard functionality. These expire when you close your browser.
• Preference cookies: store language, theme, and layout settings. Retained for 12 months.
• Analytics cookies: collect aggregated, anonymised data on usage patterns. Retained for 13 months.

We do not use third-party advertising cookies or cross-site tracking technologies. You can disable non-essential cookies at any time via the cookie preferences panel in your account settings.

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment service provider. VRsion One does not store full card numbers, CVV codes, or raw bank details on our servers.

We retain limited billing records including the last four digits of your payment method, card type, billing country, and transaction timestamps. These records are retained for a minimum of seven years to comply with financial reporting obligations.

Stripe's privacy policy governs how your full payment data is handled. We strongly recommend reviewing it at stripe.com/privacy.

When a visitor scans your QR code or taps your NFC card, VRsion One records an anonymised event containing the approximate geographic region (city-level), device type, and timestamp. This data is associated with your account and displayed in your analytics dashboard.

We do not collect personally identifiable information about the people who scan your code or tap your card unless they voluntarily submit their contact details through your profile's lead capture form. Lead data belongs to you and is stored securely in your account.

NFC card programming data (the URL encoded on your card) is stored to enable re-programming and redirection management. Physical card serial identifiers are hashed before storage.

We do not sell, rent, or trade your personal information to third parties. We may share limited data with trusted service providers who help us operate our platform, subject to confidentiality obligations. These providers include:

• Cloud infrastructure (servers, databases, file storage) — under data processing agreements.
• Payment processing (Stripe) — only the data required to complete transactions.
• Transactional email delivery — limited to your email address and content of the email.
• Error monitoring and performance tracking — anonymised technical logs only.

We may disclose your information if required by law, court order, or government authority, or if necessary to protect the safety, rights, or property of VRsion One, our users, or the public. We will notify you before disclosing your data where legally permitted to do so.

We retain your account data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 30 days, unless a longer retention period is required for legal, financial, or dispute-resolution purposes.

• Active account data: retained indefinitely while your account is open.
• Deleted account data: removed within 30 days of deletion request.
• Billing records: retained for 7 years to meet financial compliance requirements.
• Anonymised analytics: may be retained indefinitely as aggregate statistics with no personal identifiers.
• Support communications: retained for 2 years after resolution.

Backups may retain copies of your data for up to 90 days after deletion to ensure system resilience. Backup copies are encrypted and inaccessible to product workflows.

We take the security of your data seriously and implement industry-standard technical and organisational measures to protect it from unauthorised access, loss, or disclosure.

• All data is encrypted in transit using TLS 1.2 or higher.
• Stored data is encrypted at rest using AES-256.
• Passwords are hashed using bcrypt with a unique per-user salt.
• Access to production systems is restricted to authorised personnel with multi-factor authentication.
• We conduct regular security reviews and vulnerability assessments.

No system is completely immune to security threats. If you discover a vulnerability or suspect your account has been compromised, please contact us immediately at security@vrsionone.pro. We respond to all security reports within 24 hours.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: request a copy of all personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data, subject to legal retention obligations.
• Right to data portability: request your data in a structured, machine-readable format.
• Right to restriction: request that we limit processing of your data in certain circumstances.
• Right to object: object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@vrsionone.pro. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

• Privacy enquiries: privacy@vrsionone.pro
• Security issues: security@vrsionone.pro
• General support: support@vrsionone.pro
• Registered correspondence: VRsion One, Legal Department

We aim to acknowledge all privacy-related enquiries within 2 business days and provide a full response within 30 days. For urgent matters involving potential data breaches or account compromise, please mark your subject line with [URGENT] for expedited handling.

This Privacy Policy was last updated on 19 March 2026. We will notify registered users of any material changes via email before they take effect.