Privacy policy.

Last updated 12 July 2026 · Monomedialab, Spain

This policy explains how Monomedialab ("vizt", "we") processes personal data as the data controller, in accordance with the EU General Data Protection Regulation (GDPR). It applies to studio account holders and their invited team members, and — for the specific data generated through client links — to the clients a studio shares a project with.

1. Who we are

Monomedialab, established in Spain, operating vizt. Contact for any privacy question or to exercise your rights: hello@monomedialab.com.

2. What we collect

Account data — studio/contact name, email address, a securely hashed password (never stored in plain text), optional logo and brand colour, chosen plan.

Project content — the 3D model files, images and project names you upload, and the site coordinates you place a project at.

Client-side data, collected on your behalf — when you create a share link: the link's open count, approximate engagement (time spent, on-site/tour mode usage), and any notes a client chooses to pin, including an optional name they type in themselves. Clients aren't asked to register or give us their email.

Technical data — a session cookie that keeps you signed in (HttpOnly, secure, expires after 30 days), and IP addresses processed transiently to rate-limit login and password-reset attempts (kept only for the duration of the rate-limit window, typically minutes).

We don't run ad trackers, don't use third-party analytics, and don't buy or sell personal data.

3. Why we process it, and on what legal basis

To provide the account and service you signed up for (performance of a contract, GDPR Art. 6(1)(b)) — hosting your projects, rendering the viewer, sending share links. To keep the service secure, including rate-limiting and abuse prevention (legitimate interest, Art. 6(1)(f)). To send transactional email you've enabled, such as password resets or note/open notifications (contract performance / legitimate interest). Where required, to comply with legal obligations such as accounting records once billing is live.

4. Cookies

vizt uses one first-party session cookie to keep you signed in, and, if you open a password-protected share link, a second cookie that remembers you passed the password gate. Neither is used for tracking or advertising, and no cookie banner consent is required for these strictly-necessary cookies under EU ePrivacy rules.

5. Who we share data with

We use a small number of processors strictly to run the service: our hosting provider (Hetzner, Germany) for servers and storage, and a transactional email provider to send account and notification emails. Each acts under our instructions and is bound by data-processing obligations; none uses your data for their own purposes. We never sell, rent or license personal data to third parties.

6. International transfers

All infrastructure is hosted within the EU (Germany). We don't transfer personal data outside the European Economic Area.

7. How long we keep it

Account and project data is kept for as long as your account is active. Deleting your account from Settings erases your studio, projects, models, links and client notes immediately and permanently — this includes removal from our encrypted backups on their next rotation cycle. Rate-limit tracking data is kept for minutes, not stored persistently.

8. Security

Passwords are hashed with bcrypt and never stored or logged in plain text. All traffic is encrypted in transit (HTTPS/TLS). Session cookies are HttpOnly and marked Secure. Backups are encrypted at rest. Access to production systems is limited to the people operating the service.

9. Your rights

Under GDPR you have the right to access the personal data we hold about you, rectify inaccurate data, request erasure, restrict or object to processing, and port your data to another provider. You can exercise most of these yourself: edit your details in Settings, or delete your account outright, which erases everything immediately. For anything else, email hello@monomedialab.com and we'll respond within one month. If you're not satisfied with our response, you can lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

10. Children

vizt is a professional tool for architecture studios and is not directed at, or knowingly used to collect data from, children under 16.

11. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced by email to the address on your account before they take effect.

12. Contact

hello@monomedialab.com — for any question about this policy or your data.

This document is provided as a good-faith, plain-language GDPR policy for a live beta product. If you need it adapted for a specific jurisdiction, sub-processor list, or corporate structure, have it reviewed by qualified legal counsel.

← back