Last updated · 09 May 2026

Privacy Policy

How Viral Ventures LLC handles personal data on this website and across our products — Promptomize, ProEstimate AI, Piggly, Interview Ace, and MyAutoWhiz.

Effective 09 May 2026 · Version 2.0

Plain-English summary. Viral Ventures LLC is a one-person studio. We collect the minimum personal data we need to run this website, reply to inquiries, and operate our products. We don’t sell or rent personal data, we don’t run advertising trackers, and we don’t profile users for marketing. Each product has a focused data flow described below; some products send data to named third-party processors (for example, Apple, Google, OpenAI) where it is necessary for the feature to work. You have rights over your data, and you can reach us at privacy@viral-ventures-llc.com.

1. About this policy

This policy explains how Viral Ventures LLC (“Viral Ventures,” “we,” “us,” “our”) collects, uses, shares, and protects personal data when you visit viral-ventures-llc.com (the “Site”) or use our software products (each, a “Product,” and together with the Site, the “Services”).

Viral Ventures LLC is a Minnesota limited liability company. For the purposes of the EU and UK General Data Protection Regulations, Viral Ventures LLC is the “controller” of personal data described in this policy unless we explicitly state we are acting as a “processor” on behalf of a business customer (for example, an enterprise pilot of Promptomize). Our principal point of contact for privacy is the email address in Section 17.

2. Scope

This policy applies to:

  • The Site, including the inquiry form on the homepage and the static content under /products and /writing on viral-ventures-llc.com.
  • Our products: Promptomize, ProEstimate AI, Piggly, Interview Ace, and MyAutoWhiz.
  • Email and other communications you send us, including project inquiries, support requests, and bug reports.

This policy does not cover:

  • Third-party websites or services we link to. Their privacy practices are governed by their own policies.
  • App stores you use to obtain our mobile apps (for example, the Apple App Store), which separately collect data under their own terms.
  • Engagements performed under a separate written contract, where a bespoke data processing agreement (DPA) and statement of work govern the data handling for that engagement.

3. Personal data we collect

We hold ourselves to a data-minimization standard: we collect only what we need for a specific, stated purpose. The categories below are exhaustive for the Services.

3.1 Site (viral-ventures-llc.com)

  • Inquiry form data: name, email address, project type, budget range, timeline, and the message you choose to share. Submitted through POST /api/inquiry.
  • Server logs: standard request metadata captured by our hosting provider (Vercel) for security, abuse prevention, and reliability — typically IP address, user-agent, request path, status code, and timestamp.
  • Anti-abuse signals: a per-IP rate-limit counter that lives in the function’s in-memory state for the duration of a sixty-second window. A hidden “honeypot” field on the form is checked to silently drop automated submissions.

The Site does not run analytics, advertising trackers, social-media pixels, or session-replay tools. It loads webfont assets from Google Fonts (see Section 13).

3.2 Promptomize

Promptomize is a supervised model that rewrites prompts and projects accuracy lift on a held-out evaluation set.

  • Account data (where applicable): name, work email, organization name, billing address.
  • Workspace content: prompts you submit, evaluation tuples (input + golden output) you upload, candidate rewrites, and the scores produced against your eval set.
  • API credentials for the LLM backends you choose to evaluate against (for example, OpenAI, Anthropic, Google, or self-hosted endpoints). These are stored encrypted at rest and used only to run the evaluations you initiate.
  • Operational telemetry: request timings, error codes, and aggregate cache-hit metrics. This telemetry is keyed on workspace identifiers and excludes the content of prompts and evaluation data.

You may treat workspace content as “business confidential”; we do so by default. We do not use your prompts, evaluations, or API outputs to train Promptomize or any other model unless you separately and affirmatively opt in to a research program.

3.3 ProEstimate AI

ProEstimate AI lets you photograph a room and receive an AI render of a proposed remodel along with a line-itemed cost estimate.

  • Photos and video frames you capture for an estimate, including camera metadata necessary for room and surface detection.
  • Project metadata: room type, target style, budget tier, optional location data (city or ZIP) used to apply regional labor and material pricing.
  • Render and estimate outputs: the AI-generated image and the line-item cost breakdown returned to you.
  • Account and subscription data (Apple ID-linked subscription receipt, RevenueCat user identifier, transaction history). Apple holds your payment instrument; we do not receive credit-card numbers.
  • Diagnostic data: app crash logs and basic device information (model, OS version) where you have permitted iOS to share them with developers.

3.4 Piggly

Piggly is a focused iPhone budgeting app. By design it is local-first.

  • Local data: spend entries, categories, monthly goals, recurring-charge flags, and CSV imports remain on your device in the SwiftData store. We never see this data unless you explicitly opt in to optional sync.
  • Optional sync metadata (only if you create an account): an account identifier, an end-to-end encryption key reference, and timestamps used to merge changes across your devices. We do not have plaintext access to synced records.
  • Subscription data: Apple ID-linked subscription receipt and StoreKit 2 transaction identifiers for the paid tier.
  • Diagnostic data: optional, opt-in crash reporting that excludes financial content.

3.5 Interview Ace

Interview Ace runs a realistic mock interview over voice and produces a study plan from the recording.

  • Account data: email address, target role, and self-reported experience level used to select the right rubric and question bank.
  • Voice audio captured during a live mock session. Audio is streamed to the OpenAI Realtime API for synchronous interviewer behavior and transcription, and stored on our servers in compressed form so you can replay sessions and the AI can score answers post-session.
  • Transcripts and rubric scores, including per-answer feedback (clarity, structure, evidence, technical accuracy) and the resulting study plan.
  • Subscription data: Apple ID-linked subscription receipt and StoreKit 2 transaction identifiers.
  • Diagnostic data: optional, opt-in crash and performance data.

3.6 MyAutoWhiz

MyAutoWhiz is a vehicle intelligence platform with an audio-diagnostic mode.

  • Audio recordings captured during guided diagnostic prompts (cold start, idle, slow roll, lock-to-lock turning, brake events). Recordings are uploaded to our backend for inference and history.
  • Vehicle profile data you provide: year, make, model, trim, mileage, and prior repairs you choose to log.
  • Inference output: the ranked list of likely causes and the triage checklist returned to you.
  • Account data: email address and a per-vehicle history identifier.
  • Subscription data: Apple ID-linked subscription receipt and StoreKit 2 transaction identifiers.

3.7 Categories of personal information (CCPA / CPRA)

For California residents, the personal information we have collected in the past twelve months falls into the following CCPA/CPRA categories: identifiers (name, email, account ID, IP address); internet or other electronic network activity information (server logs, app diagnostic events); commercial information (subscription receipts and transaction identifiers); audio, visual, or similar information (room photos for ProEstimate AI, voice recordings for Interview Ace, vehicle audio for MyAutoWhiz); professional information (target role and experience level for Interview Ace); and inferences drawn from the above to deliver the requested feature (for example, audio classifications). We do not collect Social Security numbers, government IDs, precise geolocation, biometric identifiers, health records, or financial-account numbers.

4. Where data comes from

We collect data from three sources: directly from you (form submissions, account creation, content you choose to upload or record); automatically (server logs, anti-abuse signals, opt-in diagnostic telemetry); and from a small number of service providers acting on our behalf (for example, payment status from Apple via RevenueCat for ProEstimate AI). We do not buy personal data from data brokers and we do not enrich profiles from third-party sources.

5. Why we process data and our lawful basis

We process personal data only for the purposes listed below. For users in the European Economic Area, the United Kingdom, and Switzerland, the right-hand column states the GDPR/UK GDPR lawful basis we rely on.

  • Provide and operate the Services. Authenticate accounts, deliver requested features, save your work, and run subscriptions. Lawful basis: performance of a contract; legitimate interests (running our business).
  • Communicate with you. Reply to inquiries, send service notices, and respond to support requests. Lawful basis: performance of a contract; legitimate interests.
  • Secure the Services. Detect and prevent fraud, abuse, and unauthorized access; rate-limit; investigate incidents. Lawful basis: legitimate interests; legal obligation.
  • Improve the Services. Diagnose crashes, fix bugs, and measure feature performance using opt-in or aggregate signals. Lawful basis: legitimate interests, with consent where required.
  • Comply with law. Meet tax, accounting, and other legal obligations; respond to lawful requests. Lawful basis: legal obligation.
  • Defend our legal rights. Establish, exercise, or defend legal claims. Lawful basis: legitimate interests; legal claims.

We do not use personal data for behavioral advertising and we do not engage in solely-automated decision-making with legal or similarly significant effects on you.

6. Service providers and subprocessors

We use a tightly scoped set of third-party providers. Each is bound by a written agreement that limits its use of personal data to providing the contracted service.

  • Vercel Inc. — hosts the Site and runs our serverless functions. Receives request logs and inquiry-form submissions in transit.
  • Resend, Inc. — transactional email provider used to deliver inquiry-form submissions to our inbox. Receives the contents of the inquiry as the email body.
  • Google LLC (Google Fonts) — serves the Poppins, Manrope, and JetBrains Mono webfont files. May receive your IP address and user-agent as part of standard CDN logs.
  • Apple Inc. — App Store distribution, App Store Connect, StoreKit 2 purchase processing, and (where you enable it) crash reporting. Apple is the seller of record for App Store transactions.
  • RevenueCat, Inc. — subscription state and entitlement management for ProEstimate AI. Receives App Store subscription receipts and a pseudonymous user identifier.
  • Google LLC (Gemini API, “Nano Banana” image model) — used by ProEstimate AI to generate the remodel render from your room photo and prompt.
  • OpenAI, L.L.C. (Realtime API) — used by Interview Ace to power the live voice interviewer, transcription, and per-answer scoring. Audio and transcript data are processed under OpenAI’s API data-handling terms and are not used to train OpenAI models.
  • Modal Labs, Inc. — GPU compute for Promptomize’s rewrite endpoints.
  • Cloud database and object-storage providers — encrypted-at-rest persistence for product backends. We use reputable infrastructure providers under standard data processing terms.

We may add or replace subprocessors as our infrastructure evolves. If we make a material change to the categories of subprocessors used for a Product, we will update this section. A current subprocessor list and copies of the relevant data processing terms are available on request to privacy@viral-ventures-llc.com.

7. Sharing and disclosure

We share personal data only as described in this policy:

  • With service providers listed in Section 6, under written agreements that restrict their use of the data.
  • For legal reasons, including to comply with a valid subpoena, court order, or other lawful request; to enforce our terms; or to protect the rights, property, or safety of Viral Ventures, our users, or the public. Where lawful and not prohibited by the requesting authority, we will notify you in advance.
  • In a business transaction: if Viral Ventures undergoes a merger, acquisition, financing, or sale of assets, personal data may be transferred to the successor entity, subject to confidentiality and a continuation of the protections in this policy.
  • With your direction: when you ask us to share data with a third party (for example, exporting your data to a tool you control).

We do not sell personal data, and we do not “share” personal data for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act. We have not done so in the past twelve months.

8. International data transfers

Viral Ventures LLC is based in the United States, and our service providers are predominantly U.S.-based. If you access the Services from outside the United States, your personal data will be transferred to and processed in the United States and other jurisdictions where our service providers operate. The data-protection laws of those jurisdictions may differ from those of your home country.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards under Articles 44–49 of the GDPR, including the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) where required by our service-provider agreements. You may request a copy of the relevant safeguard from privacy@viral-ventures-llc.com.

9. Data retention

We retain personal data only as long as needed for the purpose it was collected for, plus a reasonable archival period to comply with legal, tax, accounting, and audit obligations and to defend potential claims.

  • Inquiry-form submissions: retained in our email archive for up to 24 months from receipt; thereafter deleted on a rolling basis.
  • Server logs: retained for up to 30 days, except where a longer period is required to investigate a security incident.
  • Promptomize workspace content: retained for the life of the workspace and deleted within 30 days of workspace closure, subject to backup-rotation periods of up to 90 days.
  • ProEstimate AI photos and outputs: photos are retained for the life of the project on your account; you can delete a project at any time, and deleted projects are purged from primary storage within 30 days.
  • Piggly synced data (only if you enable sync): retained for the life of your account; deleted within 30 days of account closure.
  • Interview Ace recordings, transcripts, and study plans: retained for the life of your account; you can delete an individual session at any time, and deleted sessions are purged within 30 days.
  • MyAutoWhiz audio recordings and per-vehicle history: retained for the life of the vehicle profile; you can delete a recording or a vehicle at any time, and deleted records are purged within 30 days.
  • Subscription and tax records: retained for at least seven (7) years to meet tax-recordkeeping obligations.

Encrypted backups follow standard rotation schedules and are overwritten in the ordinary course; a record may persist in a backup for a short period after deletion from primary storage.

10. How we protect data

We design for least-privilege and defense-in-depth. Concrete measures include:

  • Transport security. All Site and Product traffic is served over HTTPS with HSTS preload (max-age=63072000; includeSubDomains; preload).
  • Encryption at rest. Data stored in product databases and object storage is encrypted at rest by the underlying provider. API credentials submitted to Promptomize are additionally encrypted at the application layer.
  • Strict Content Security Policy on the Site to prevent injection of unauthorized scripts. X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and a tightly scoped Permissions-Policy block embedding, sniffing, and unwanted device APIs.
  • Input validation. Every external input is validated at the boundary using Zod schemas; malformed payloads are rejected with structured error codes.
  • Anti-abuse. A token-bucket rate limit and a honeypot field protect the inquiry endpoint; failed submissions return without disclosing the rejection reason.
  • Access control. Production access is restricted to the principal of Viral Ventures, behind multi-factor authentication, with credentials rotated on a schedule and after any suspected compromise.
  • Logging hygiene. Personally identifying fields are redacted from operational logs; we do not log inquiry-message bodies, prompt content, transcripts, or photo content at “info” level.
  • Dependency hygiene. Production dependencies are kept minimal, pinned in lockfiles, and reviewed weekly via Dependabot alerts and npm audit.

No system is perfectly secure. If we discover a personal-data breach affecting you, we will notify you and the relevant authorities as required by law.

11. Your rights

Subject to verification of your identity and any limitations the law allows, you can exercise the following rights with respect to your personal data.

11.1 Rights for residents of the EEA, the UK, and Switzerland

  • Access — obtain confirmation of whether we process your data and a copy of it.
  • Rectification — correct data that is inaccurate or incomplete.
  • Erasure — request deletion where the law requires it.
  • Restriction — ask us to limit processing while a dispute is resolved.
  • Portability — receive a machine-readable copy of data you provided to us, where the processing is based on consent or contract.
  • Objection — object to processing based on our legitimate interests; we will reassess and stop processing unless we have compelling lawful grounds.
  • Withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
  • Lodge a complaint — with your local data protection authority. We’d appreciate the chance to address your concern first.

11.2 Rights for California residents (CCPA / CPRA)

  • Right to know the categories of personal information collected, the sources, the purposes, and the categories of recipients.
  • Right to delete personal information, subject to statutory exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell personal information and we do not share it for cross-context behavioral advertising.
  • Right to limit the use of sensitive personal information. We do not use sensitive personal information for purposes beyond those for which it was provided.
  • Right to non-discrimination for exercising your privacy rights.
  • Authorized agent: you may use an authorized agent to make a request, with written permission and identity verification.

11.3 Rights for residents of other U.S. states

Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states with applicable consumer-privacy laws may exercise comparable rights of access, deletion, correction, and (where the law applies) opt-out of targeted advertising, sale of personal data, or profiling. We honor verifiable consumer requests as required by the applicable state law.

11.4 How to exercise your rights

Send a request to privacy@viral-ventures-llc.com with the subject line “Privacy Request” and a brief description of what you’d like us to do. We will acknowledge within 10 business days and respond within the period required by the applicable law (typically 30–45 days, extendable for complex requests with notice). We may need to verify your identity by matching information you provide against information we already hold; we will not use that information for any other purpose.

If we deny your request, we will explain why and inform you of the relevant appeal route.

12. Children’s privacy

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EEA), and we do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, please contact privacy@viral-ventures-llc.com and we will delete it promptly.

13. Cookies and similar technologies

The Site does not set first-party tracking cookies and does not load third-party analytics, advertising, or social-media trackers. The only categories of cookies you may encounter on the Site are:

  • Strictly necessary session cookies set by our hosting provider for security and routing. These are not used for analytics or marketing.

The Site loads webfont CSS and woff2 files from Google Fonts. Google may receive your IP address and user-agent as part of standard CDN request logs. Google’s handling of this information is governed by the Google Privacy Policy.

Within our products:

  • iOS apps (ProEstimate AI, Piggly, Interview Ace, MyAutoWhiz) use Apple-managed identifiers (for example, IDFV, the App Store account receipt) for legitimate operational purposes such as subscription entitlement and crash reporting. We do not use IDFA for advertising and we do not request App Tracking Transparency permission for cross-app tracking.
  • Promptomize uses first-party cookies and local storage for authentication and session continuity. It does not use cookies for behavioral advertising.

14. Do Not Track and Global Privacy Control

Because we do not engage in cross-site tracking or sale of personal data, browser-level signals such as Do Not Track (DNT) and the Global Privacy Control (GPC) do not change our processing on the Site. Where state law treats GPC as an opt-out signal for the “sale” or “sharing” of personal information, our default behavior already complies.

15. Marketing communications

We do not send unsolicited marketing email. If you submit the inquiry form, we will reply to your message; we will not add you to a newsletter or marketing list. If we ever introduce a Product newsletter, it will be opt-in only and every email will include an unsubscribe link that takes effect immediately.

16. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent change. Material changes — for example, new categories of personal data, new subprocessors that introduce new risk, or changes to your rights — will be highlighted in a banner on the Site for at least thirty (30) days, and where we have your email address we will send you a notice. Continued use of the Services after the effective date of the change constitutes your acknowledgement of the updated policy.

17. Contact us

For privacy questions, requests, or complaints:

Viral Ventures LLC
Attn: Privacy
Minneapolis, Minnesota, USA
Email: privacy@viral-ventures-llc.com
General contact: hello@viral-ventures-llc.com

If you are in the EEA, the UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority. We’d appreciate the chance to address your concerns first.

← Home