Privacy Policy

Version: 1.0

Effective Date: June 12, 2026

Last Updated: June 12, 2026

At Vidilec (“Vidilec,” “we,” “us,” or “our”) we value your privacy and are committed to being transparent and accountable with your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, how long we keep it, and what rights you have over it.

This Policy is an integral part of our Terms of Service and should be read alongside them. If you do not agree with this Policy, please do not use our services.

The party responsible for processing your personal information is Kevin Steven Morales Castro, who operates the Vidilec ecosystem as a legally constituted sole proprietor (persona natural) under the laws of the Republic of Ecuador. When this Policy says “Vidilec,” “we,” or “our,” it refers to him in his capacity as operator of the ecosystem.

Privacy contact details:

• Privacy email: [email protected]
• Postal address: Ecuador, Quito, Imbabura, Cotacachi
• Website: vidilec.com

Vidilec is an ecosystem of software applications for systems architecture, designed by and for engineers who value precision, speed, and a good workspace. When you register, you create a “Vidilec Account” that gives you access to the current applications (such as Gyth) and those added in the future.

This Policy applies to all users of vidilec.com and the ecosystem’s applications, anywhere in the world. Because the operator is domiciled in Ecuador, data processing is governed primarily by Ecuador’s Organic Law on Personal Data Protection (LOPDP). Where you reside in another jurisdiction, local data-protection laws may additionally apply:

• European Economic Area and United Kingdom: the General Data Protection Regulation (GDPR) and the UK GDPR.
• United States: applicable state laws, such as California’s CCPA/CPRA, among others.
• Other jurisdictions: the applicable local data-protection laws.

The specific rights described in Section 13 depend on the jurisdiction in which you are located.

We collect the following categories of personal information. For each one, we indicate how we collect it, how we use it, the legal basis we rely on, and with whom we may share it.

When you create your Vidilec Account, we collect data such as your name, avatar, email address, and, where applicable, your date of birth (used to verify that you meet the minimum age requirement).

How we collect it: Directly from you when you register.

How we use it: Your name and avatar may be displayed in profiles within the ecosystem to enable user search and social features. We use your email to send you service notices (updates, changes, legally required notifications) and, only if you consent, promotional communications or offers.

Legal basis for processing: Performance of the contract (providing the service); consent (for promotional communications); legal obligation or legitimate interest (verifying that you meet the minimum age requirement); legitimate interest (security and operation of the ecosystem).

How we may disclose it: With our service providers (including the identity provider Auth0/Okta); in the context of a business transfer; and for legal purposes.

When you purchase a paid service (such as a subscription), the charge is processed through Lemon Squeezy, acting as Merchant of Record. Vidilec does not store or have access to your credit or debit card data at any time. We only receive limited information necessary to manage your subscription (for example, payment confirmation, subscription status, billing country).

How we collect it: Through Lemon Squeezy, our third-party payment processor.

How we use it: To manage your subscription, ensure the security and integrity of the service, and comply with legal and tax obligations.

Legal basis for processing: Performance of the contract; legal obligation (billing and taxes).

How we may disclose it: With Lemon Squeezy (which is responsible for your card data and billing under its own policies); with service providers; and for legal purposes.

If you communicate with us (for example, by email or through support channels), we collect the information you choose to share, such as the content of your messages and your contact details.

How we collect it: Directly from you.

How we use it: To respond to you, provide support, improve the service, ensure its security and integrity, and comply with legal obligations.

Legal basis for processing: Legitimate interest (handling your request and improving the service); legal obligation where applicable.

How we may disclose it: With our service providers; in the context of a business transfer; and for legal purposes.

You may provide personal information through the files, images, diagrams, texts, or other materials you create or upload to the service (“Your Content”). Under our Terms, you retain ownership of Your Content; Vidilec only receives a limited license to store, process, and display it for the purpose of providing the service.

How we collect it: Directly from you.

How we use it: To maintain and provide the service, offer support, develop and improve the service, and ensure its security and integrity.

Legal basis for processing: Performance of the contract; legitimate interest (security and improvement of the service).

How we may disclose it: With hosting and cloud providers necessary to deliver the service; and for legal purposes. We do not access Your Content except where necessary to provide the service, for security reasons, or by legal obligation.

The projects or products you build within a Vidilec application are stored in Vidilec’s infrastructure as you choose to save or upload them.

How we collect it: Directly from you, through your use of the software.

How we use it: To provide storage features and allow you to keep and access your work.

Legal basis for processing: Performance of the contract.

How we may disclose it: Through the social features of the software, you may share files or documents with other users when you expressly authorize it. Otherwise, we do not disclose them except to hosting providers or for legal purposes.

Identity management and authentication for your Vidilec Account are operated by Auth0 (a company of Okta), a third party specialized in identity security. Auth0 processes this data on our behalf, as a service provider, subject to contractual safeguards and its own security commitments.

How we collect it: Through Auth0/Okta when you register or log in.

How we use it: To authenticate your identity, grant access to your account, and protect the ecosystem against unauthorized access.

Legal basis for processing: Performance of the contract; legitimate interest (account security).

How we may disclose it: With Auth0/Okta as identity processor; and for legal or security purposes.

When you use our website and applications, we may automatically collect technical data such as your IP address, device and browser type, identifiers, activity logs, and service usage data.

How we collect it: Automatically, through your use of the service and technologies such as cookies (see Section 5).

How we use it: To operate and secure the service, prevent fraud and abuse, analyze usage, and improve our products.

Legal basis for processing: Legitimate interest (security and improvement); consent where required by law (e.g., non-essential cookies).

How we may disclose it: With hosting, security, and analytics providers; and for legal purposes.

We process your personal information relying on one or more of the following legal bases, as recognized by Ecuador’s LOPDP and, where applicable, the GDPR and other local laws:

• Performance of a contract: when processing is necessary to provide the service you have contracted.
• Consent: when you grant it (for example, for promotional communications or non-essential cookies). You can withdraw it at any time.
• Legitimate interest: for purposes such as security, fraud prevention, and service improvement, provided your rights and freedoms do not override it.
• Legal obligation: when we must process data to comply with the law (for example, tax obligations or responses to authorities).

For users in the EEA or the UK, the table below maps each category of data described in Section 3 to its legal basis under Article 6(1) of the GDPR / UK GDPR:

Where we rely on legitimate interest, we have assessed that our interests are not overridden by your rights and freedoms; you may request more information about these assessments and may object to such processing (see Section 13).

We use cookies and similar technologies only to make the service work, keep you logged in, and protect the security and performance of the service. We distinguish between:

• Essential cookies: necessary for the service to function, such as session authentication and security cookies. This includes cookies set by Cloudflare, our infrastructure and security provider (for example, for bot protection). Essential cookies do not require consent.
• Non-essential cookies: used by many websites for advertising, cross-site tracking, or profiling. We do not use them. We believe privacy is a fundamental right, and we deliberately limit the data we collect and process to what is strictly necessary to provide the service.

We measure aggregate usage of the service using Cloudflare Web Analytics, a privacy-first tool that does not use cookies, does not fingerprint your device, and does not track you across sites.

You can block or delete cookies through your browser settings; however, blocking essential cookies may prevent the service from working properly (for example, you may not be able to stay logged in).

We may share your personal information in the following situations:

• With service providers: that help us operate the service, such as Auth0/Okta (identity), Lemon Squeezy (payments), and cloud, hosting, and analytics providers. These providers may only process your data following our instructions and with appropriate safeguards. The current list of our subprocessors, the data they process, and their transfer safeguards is available at vidilec.com/legal/subprocessors.
• In business transfers: if Vidilec merges, is acquired, financed, or transfers part of its business, your personal information could be transferred as part of the transaction. We will notify you where appropriate.
• For legal purposes: to comply with the law, respond to valid legal requests, and protect the rights, property, and safety of Vidilec, its users, and third parties.
• With other users: when you choose to share content through the social features of the service.

A note on Lemon Squeezy: because Lemon Squeezy acts as Merchant of Record, your purchase contract is with them, and the processing of payment data is governed by their own terms and policies. We will assist you as far as we can, but billing and tax matters are resolved by Lemon Squeezy.

Vidilec operates from Ecuador and uses providers located in other countries (in particular, the United States). This means your personal information may be transferred to and processed outside your country of residence. Ecuador is not currently the subject of an adequacy decision by the European Commission or the UK Government.

When we transfer data of EEA, UK, or Swiss users outside those regions, we rely on the following safeguards:

• EU–U.S. Data Privacy Framework (DPF), its UK Extension, and the Swiss–U.S. DPF: our U.S. providers — Cloudflare, Auth0 (Okta), and Lemon Squeezy (a Stripe company) — maintain active certifications under these frameworks, which the European Commission has recognized through an adequacy decision.
• Standard Contractual Clauses (SCCs): where the DPF does not apply or ceases to be valid, transfers are protected by the European Commission’s Standard Contractual Clauses (and the UK Addendum or International Data Transfer Agreement, as applicable), incorporated into the data processing agreements we maintain with each provider, together with supplementary measures where necessary.

You may request more information about the safeguards applied to a specific transfer, including a copy of the relevant contractual clauses, through our privacy contact.

We keep your personal information for as long as we have a legitimate need to do so, normally while your account is active and for as long as necessary to provide the service. Afterwards, we may keep certain data for legal reasons. Specific periods depend on the type of data and the purpose of processing. For example:

• Where a legal obligation exists: we keep the data for as long as the law requires (for example, tax records).
• To resolve requests, complaints, or disputes: for as long as they are being handled.
• For security and fraud prevention: for as long as necessary to protect the service and our users.
• For legal claims: for as long as they may be established, exercised, or defended.

If you choose to delete your Vidilec Account, we will delete your personal information within a maximum of 30 days, except for data we must retain for the legal reasons noted above. Note that some copies may remain briefly in automated backups until they are rotated.

We implement reasonable technical and organizational measures, consistent with industry good practice, to protect your personal information against loss, unauthorized access, alteration, or disclosure. No system or transmission over the internet is completely secure, so we cannot guarantee absolute security.

You also play an important role: please keep your login credentials confidential and notify us immediately if you suspect your account has been compromised. This does not relieve Vidilec of its legal obligations to protect your data.

In the event of a security breach affecting your personal data, we will take the necessary steps to contain and assess it, and we will notify you and the competent data-protection authorities where required by applicable law, within the time frames set by that law (for example, within 72 hours of becoming aware of the breach, in the case of notification to the supervisory authority under the GDPR, where applicable).

The service is intended only for individuals over 18 years of age (or the legal age of majority applicable in your country, if higher). We do not knowingly collect personal information from minors. If you are a parent or guardian and believe a minor has provided us with personal data, please contact us and we will delete that information. If we detect that we have collected a minor’s data without the appropriate authorization, we will delete it.

Our service may contain links to third-party websites that we do not operate. This Policy does not cover those sites; we recommend reading their own privacy policies. We are not responsible for the privacy practices of external sites.

Depending on where you are located and subject to applicable legal exceptions, you may have the following rights over your personal information:

• Access: request a copy of the personal data we hold about you.
• Rectification: request that we correct inaccurate or incomplete data.
• Erasure: request that we delete your personal data.
• Portability: receive your data in a structured, commonly used format, or request its transfer, where technically feasible.
• Objection and restriction: object to certain processing or request its restriction.
• Withdrawal of consent: where we process your data with your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal or processing based on another legal basis.
• Authorized agent: submit certain requests through an authorized agent in accordance with applicable law.
• Non-discrimination: not be subject to discriminatory treatment for exercising your rights.
• Appeal: appeal a decision we make about your request.

Automated decision-making: We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

Notice for U.S. residents: We do not sell your personal information, nor do we share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

If you are located in the EEA or the UK, the rights above correspond to those granted by Articles 15 to 22 of the GDPR / UK GDPR (access, rectification, erasure, restriction of processing, data portability, objection, and rights related to automated decision-making), together with the right to withdraw consent under Article 7(3). In addition:

• Direct marketing: where personal data is processed for direct marketing, you may object at any time and we will stop that processing without exception.
• Objection on personal grounds: you may object, on grounds relating to your particular situation, to processing based on legitimate interest; we will stop unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is needed for legal claims.
• Portability scope: the right to portability applies to data you provided to us, processed by automated means on the basis of consent or contract.

EU / UK representative: Do not apply.

You can exercise some rights directly from your account settings. For others, send your request to [email protected], stating your full legal name, your email address, and your city, state/province, and country of residence. We will respond within the period required by applicable law. For EEA and UK users, this means within one month of receiving your request, extendable by two further months for complex or numerous requests, in which case we will inform you of the extension and its reasons within the first month. Exercising your rights is free of charge, except where requests are manifestly unfounded or excessive.

Verification: to protect your information, we may ask you to verify your identity before handling your request.

Authorized agent: if you act through an authorized agent, we may request written authorization and may deny the request if such authorization is not provided.

Appeals: if we deny your request, you may appeal our decision by providing enough information to identify the original request and verify your identity, along with the grounds for your appeal. We will respond as soon as possible.

Complaints to the authority: you have the right to lodge a complaint with the competent data-protection authority. In Ecuador, the Superintendency for Personal Data Protection; in the EEA, the supervisory authority of the Member State of your habitual residence, place of work, or place of the alleged infringement; in the UK, the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns first through our privacy contact.

We may update this Policy from time to time. When we do, we will post the updated version and its effective date on this page, unless the law requires another type of notice. If the changes are material, we will endeavor to notify you with reasonable advance notice. Where permitted by applicable law, using the service after the changes take effect implies your acceptance of the updated Policy; where processing requires your consent, we will request it again.

If you have questions about this Policy or wish to exercise your rights, contact us:

Vidilec — Kevin Steven Morales Castro

Email: [email protected]

Address: Ecuador, Quito, Imbabura, Cotacachi

Website: vidilec.com