Privacy Policy

VividGen ("we", "us", or "our") is a web design agency owned and operated by Christopher Wygoda, based in Poland. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website or engage our services.

Because we are located in Poland (European Union), we are subject to the General Data Protection Regulation (GDPR). We also serve clients primarily in the United States and take reasonable steps to comply with applicable US privacy expectations.

1. Who We Are

Data Controller: Christopher Wygoda trading as VividGen

Location: Poland, European Union

Contact: chris@vividgen.io

2. Information We Collect

We collect information in the following ways:

a) Information you provide directly

• Full name
• Email address
• Phone number (optional)
• Business name or project description
• Any other information you include in your message to us

This data is submitted when you fill out the contact form on our website.

b) Information collected automatically

• IP address and approximate location
• Browser type and version
• Pages visited and time spent on the site
• Referring URL

This data is collected via standard server logs and, if applicable, analytics tools. We do not use invasive tracking technologies.

3. How We Use Your Information

We use the information we collect to:

• Respond to your inquiry and communicate about your project
• Provide, manage, and deliver our web design services
• Send project-related updates, invoices, and documentation
• Improve our website and understand how visitors use it
• Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

• Legitimate interest — when you submit a contact form, we have a legitimate interest in responding to your inquiry.
• Contract performance — once you engage our services, processing your data is necessary to deliver the project.
• Legal obligation — we may retain certain records (e.g. invoices) as required by Polish tax and accounting law.

5. Third-Party Services

We use a limited set of trusted third-party services to operate our website:

• Resend — used to deliver contact form submissions to our inbox. Your name, email, phone, and message are transmitted through Resend's infrastructure. Resend is SOC 2 compliant. Resend Privacy Policy →
• Netlify — our website is hosted on Netlify, which processes server request data. Netlify Privacy Policy →

These processors only handle data as instructed by us and are bound by appropriate data processing agreements.

6. Data Retention

We retain contact form data for as long as necessary to respond to your inquiry and manage any resulting project relationship — typically no longer than 3 years after our last interaction, unless a longer retention period is required by law (e.g., financial records required under Polish accounting regulations).

You may request deletion of your data at any time (see Section 7).

7. Your Rights

Under the GDPR, if you are located in the EU/EEA, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restriction — request that we limit how we use your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests

US-based clients also have rights under applicable state privacy laws (e.g. California CCPA/CPRA). We honor equivalent access, deletion, and opt-out rights for all users regardless of location.

To exercise any of these rights, email us at chris@vividgen.io. We will respond within 30 days.

8. International Data Transfers

Our business is based in Poland (EU). If you are located in the United States, your data will be transferred to and processed within the EU. The EU provides strong data protection standards under the GDPR, which we consider sufficient protection for your personal data.

Any third-party processors we use (see Section 5) that are based outside the EU operate under Standard Contractual Clauses or equivalent safeguards as required by GDPR Article 46.

9. Cookies

Our website uses only essential technical cookies necessary for the site to function. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies that require consent under the ePrivacy Directive.

10. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website is served over HTTPS. Contact form data is transmitted via Resend's encrypted infrastructure.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Complaints

If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the Polish data protection supervisory authority:

14. Contact Us

For any questions about this Privacy Policy or your personal data, contact: