Privacy Policy

Welcome to VR Goals OKR Platform (“VR Goals,” “we,” “us,” or “our”), operated by BnB Ventures LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We use the information we collect to:

• Provide and maintain the Service: Deliver the OKR management features you use, including goal tracking, task management, and team collaboration.
• Improve and personalize: Analyze usage patterns to improve the Service, develop new features, and customize your experience.
• Communicate with you: Send service-related notifications, respond to your inquiries, and provide customer support.
• Ensure security: Detect, prevent, and address technical issues, fraud, and unauthorized access.
• Process payments: If applicable, process subscription payments and manage your billing information through our payment processor.
• Comply with legal obligations: Fulfill our legal and regulatory requirements.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Consent: Where you have given us clear consent to process your personal data for a specific purpose.
• Contract performance: Where processing is necessary to perform our contract with you (i.e., providing the Service).
• Legitimate interests: Where processing is necessary for our legitimate interests (such as improving the Service, marketing, and fraud prevention), provided those interests are not overridden by your rights.
• Legal obligations: Where processing is necessary to comply with applicable laws and regulations.

We do not sell your personal data. We may share your information with the following categories of third parties only as necessary to provide and improve the Service:

• Supabase: Our infrastructure provider for database hosting, authentication, and storage.
• Stripe: Our payment processor for handling subscription payments. Stripe processes your payment information in accordance with their own privacy policy.
• Analytics providers: We may use analytics services to help us understand how the Service is used.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including the EU-US Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, and other legally recognized transfer mechanisms.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

Usage data and analytics may be retained in aggregated, anonymized form for longer periods for statistical and product improvement purposes.

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to erasure: You can request that we delete your personal data, subject to certain exceptions.
• Right to data portability: You can request a copy of your data in a structured, machine-readable format.
• Right to restriction: You can request that we restrict the processing of your personal data.
• Right to object: You can object to the processing of your personal data based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at privacy@vrgoals.com. We will respond to your request within 30 days.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know: You can request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete: You can request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to opt-out of sale: We do not sell your personal information. If this changes, we will provide you with an opt-out mechanism.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, please contact us at privacy@vrgoals.com.

We use the following types of cookies:

• Essential cookies: Required for the Service to function properly, including authentication tokens and session management. These cannot be disabled.
• Analytics cookies: Help us understand how the Service is used so we can improve it. These may be disabled without affecting core functionality.

You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, blocking essential cookies may prevent the Service from functioning properly.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as soon as possible. If you believe we may have collected data from a child under 16, please contact us at privacy@vrgoals.com.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Role-based access controls and authentication mechanisms
• Regular security assessments and monitoring
• Incident response procedures for data breaches

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service with a new effective date and, where appropriate, by sending you a notification via email. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@vrgoals.com
• Support: https://support.vrgoals.com
• Data Protection Officer: dpo@vrgoals.com

BnB Ventures LLC