1. Who We Are
Vinc is a digital business card and lead capture platform operated by Nedax d.o.o., a company registered in Bosnia and Herzegovina (“we”, “us”, “our”). Our platform is accessible at getvinc.com.
For any privacy-related questions, contact us at: privacy@getvinc.com
2. Data We Collect
We collect two categories of data:
Account Holders (Vinc Users)
- Name, email address, and password (hashed)
- Profile data you enter: photo, job title, company, phone, social links
- Billing information (processed by our payment provider; we do not store card numbers)
- Usage data: logins, card views, QR scans, lead submissions received
- Device and browser information for security and analytics
Card Visitors (People Who Scan a Vinc Card)
- Name, email, phone number, only if voluntarily submitted via a lead form
- Approximate geolocation (city/country level, derived from IP)
- Device type, browser, and referral source (UTM parameters)
- Scan timestamp
Visitor data is stored in the card owner's isolated tenant environment and is not shared with other users.
3. How We Use Your Data
- To provide the service: Rendering your digital card, processing lead submissions, sending automated follow-up emails on your behalf.
- To improve the platform: Aggregate, anonymised analytics to understand how features are used.
- To communicate with you: Transactional emails (password resets, billing receipts, support replies). We do not send marketing emails without explicit opt-in.
- To comply with law: Where required by applicable law or regulation.
4. Data Isolation
Each Vinc account operates in an isolated tenant environment. Your leads, analytics, and card data are never visible to other Vinc users. Employees of Nedax d.o.o. access tenant data only when required for technical support, and only with your permission.
5. Third-Party Services
We use the following third-party processors. Each operates under its own privacy policy:
- Supabase - database and authentication hosting (EU region)
- Vercel - application hosting and edge delivery
- Monri / WebPay - payment processing (we never see full card numbers)
- HubSpot / Odoo - optional CRM integration, activated only by you
We do not sell your data to third parties. Ever.
6. Cookies
We use strictly necessary cookies for authentication sessions. We use no advertising cookies and no third-party tracking pixels. Analytics are first-party and anonymised.
7. Data Retention
- Account data is retained while your account is active.
- On account deletion, all personal data is purged within 30 days.
- Billing records are retained for 7 years as required by Bosnian commercial law.
- Lead data (visitors who submitted forms) is retained until you delete it or your account is closed.
8. Your Rights (GDPR)
If you are located in the European Economic Area, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data (“right to be forgotten”)
- Restrict or object to processing
- Data portability (export your data in machine-readable format)
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email us at privacy@getvinc.com. We will respond within 30 days.
9. Security
We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and row-level security policies on our database. Passwords are never stored in plaintext. We conduct regular security reviews.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to account holders. Continued use of Vinc after the effective date constitutes acceptance of the updated policy.