Privacy Policy

Last updated: July 2026. Plain English, because that’s the whole product philosophy.

The short version

Your brand content lives in your browser, not on our servers. The on-device headshot treatments never upload your photo. AI portraits are opt-in: only if you choose to generate them are your selfies sent to our image provider (Google) to create your portraits — they aren’t stored afterwards. Text and images you submit aren’t used to train anything. We run no advertising trackers.

1. What we collect and why

Content you type — your role, goals, headline, About text, and posts you paste — is sent to our servers only at the moment you request a generation or audit, solely to produce your output. We do not store this content in a database; it passes through and comes back as your result.

Your photo — the headshot treatments run entirely on your device using browser image effects; those photos are never uploaded. AI portraits are opt-in and different: if you choose to generate them, the selfies you upload are sent to our image provider (Google) purely to produce your portrait options, and you tick a consent box before this happens. We don’t store your selfies or the generated portraits on our servers — they’re processed in the moment and returned to your browser.

Locally stored data — your strategy, generated assets, and access code are saved in your browser’s local storage so your work survives reloads. This data sits on your device; we cannot see it. Clearing your browser storage deletes it.

Technical basics — our hosting provider (Vercel) processes IP addresses and standard request logs to serve and secure the site, and we use IP addresses transiently to rate-limit the free audit. We do not run advertising or cross-site tracking cookies.

2. AI processing

Text generations and audits are produced by Anthropic’s Claude API. AI portraits are produced by Google’s Gemini API. Content you submit is processed by the relevant provider to return your result, subject to that provider’s commercial API terms, under which API inputs and outputs are not used to train their models. We recommend not submitting sensitive personal information (health, financial details, government identifiers) — a branding tool doesn’t need it.

3. What we don’t do

We don’t sell or share your information for marketing. We don’t access your LinkedIn account — the Service has no connection to LinkedIn; you copy and paste content yourself. We don’t build advertising profiles. We don’t store your generated content server-side during the beta.

4. Data retention

Because content isn’t stored in our systems, there is nothing for us to retain or delete beyond transient processing and standard infrastructure logs held by our providers for security purposes. Data on your device is under your control at all times.

5. Overseas disclosure

Our infrastructure providers (Vercel, Anthropic, and Google for AI portraits) process data in the United States and other regions where they operate. By using the Service you acknowledge this processing.

6. Your rights

Under the Australian Privacy Act you may request access to or correction of personal information we hold. Given our architecture, we typically hold none beyond transient logs — but ask and we’ll confirm what exists. Complaints can also be directed to the Office of the Australian Information Commissioner (oaic.gov.au).

7. Children

The Service is intended for professionals and is not directed at anyone under 18.

8. Changes

If our data practices change — for example, when accounts and payments launch and some server-side storage becomes necessary — this policy will be updated first, with the changes explained in plain language.

9. Contact

Vestry Technology Pty Ltd (ABN 15699575034) · office@getvestry.ai

Terms of Service · Home