Privacy

Viewport is the data controller for account data and the limited session metadata we process to run the Service. For the content your agents act on (code, transcripts, tool output), the daemon keeps it on your machine — we do not act as a controller or processor of that content. Where we process personal data on behalf of a business customer, our Data Processing Addendum governs that processing.

Session metadata. Id, machine id, working directory path, repo metadata (remote, branch, sha), status, last activity, and a short summary the daemon emits. This is what powers the sessions list and inbox.

Account data. Your email, organization name, team membership, payment info. Payments are handled by Stripe. We never store card numbers.

Audit ledger. Who decided what, and when. This is yours. Export from the app anytime.

Diagnostics and analytics. Crash diagnostics help us find broken routes. Product analytics are optional and stay off until you allow them in the cookie banner.

We don’t collect prompts, agent transcripts, tool output, file contents, secrets, or environment variables. The daemon holds those locally; opening a session in the web app fetches detail from your machine on demand.

We process account data and session metadata to provide and secure the Service (performance of our contract with you), to bill paid plans (legal/contractual necessity), and to keep the Service safe and working (our legitimate interest in security and reliability). Optional analytics are processed only with your consent. We do not sell personal data and do not use Your Content to train models.

We rely on a small set of vetted subprocessors to run the Service — for hosting, authentication, payments, sandboxed execution, email, and error monitoring. The current list, with each provider’s role and location, lives in our Data Processing Addendum. We update it there when it changes.

We keep account data for as long as your account is active. Session metadata is retained while it is operationally useful and then aged out. On cancellation, your audit ledger stays exportable for 30 days, then is deleted. Backups roll off on their own schedule.

If you are in the EEA or UK, you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing based on legitimate interests. You can withdraw analytics consent at any time via the privacy banner. Email [email protected] to exercise a right; you also have the right to complain to your local supervisory authority. International transfers rely on the mechanisms set out in the DPA.

If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to correct it. We do not sell or share personal information as those terms are defined under the CCPA, and we will not discriminate against you for exercising your rights. Use the same contact above.

Necessary browser storage keeps authentication, theme, and basic site preferences working. Optional analytics storage is controlled by the privacy banner and can be changed by clearing site data.

On Enterprise, the relay and control plane run on your infrastructure. Our role is purely as a software vendor: we don’t see anything that flows through your self-hosted stack.

Questions about how Viewport handles your data? Email [email protected].