Virix Labs is a venture studio building and scaling AI consumer products. We create focused digital tools and grow them through SEO, ASO, and paid acquisition.

What products does Virix Labs build?

We build AI consumer products across various categories, including TunedForYou (AI music), InkOn (AI design), VacateNotice (legal tech), Human Browser (AI automation infrastructure), and Clawster (hosted OpenClaw agent).

How does Virix Labs approach product development?

We follow a data-driven methodology: identify problems with real demand, build focused solutions, launch across multiple channels (SEO, ASO, paid), and scale what works.

Where is Virix Labs based?

Virix Labs is based in the EU and works with customers globally.

Privacy Policy | Virix Labs

1. Introduction

Virix Labs ("we", "us", "our") operates as a venture studio building AI-powered consumer products. We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, and share your information when you use any of our products and services, including:

Cherriva — AI companion chatbot
TunedForYou — AI-powered personalized songs
InkOn — AI tattoo visualization
VacateNotice — Legal document generator
Human Browser — AI browser automation infrastructure
Clawster — Hosted OpenClaw AI agent service

This policy applies to all our websites, mobile applications, and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information as described in this policy.

Virix Labs operates under the laws of England and Wales, United Kingdom, and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

The data we collect varies by product:

Cherriva

Email address and account credentials
Chat messages and conversation history
Character preferences and customization data
Payment and subscription information (processed by Stripe)
Telegram ID (if connected)

TunedForYou

Email address
Sender and recipient names
Memories, stories, and personal details shared for song creation
Phone number (optional, for delivery)
Payment information (processed by Stripe)

InkOn

Uploaded photos
Tattoo design preferences and selections

VacateNotice

Property addresses
Lease and tenancy details
Generated documents

Human Browser

Session and usage metadata for automation requests
URLs and domain targets you request via our browser tool
Proxy and integration logs for troubleshooting and abuse prevention

Clawster

Account, payment, and subscription details
Channel identifiers for Telegram/WhatsApp integration
Automation task inputs, execution logs, and results
Optional API keys and model preference settings

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

IP address and approximate location
Device type, operating system, and browser information
Usage patterns and feature interactions
Referral source and pages visited
Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Services
Process payments and manage subscriptions
Generate AI-powered content (songs, images, documents, chat responses)
Send transactional communications (receipts, account updates)
Analyze usage patterns to improve product experience
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

Contract: Processing necessary to fulfill our agreement with you when you use our Services or make a purchase.
Legitimate interests: Analytics, fraud prevention, and service improvement, where our interests do not override your rights.
Consent: Marketing communications, optional cookies, and non-essential data processing. You may withdraw consent at any time.
Legal obligation: Where we are required to process data to comply with applicable law.

5. Third-Party Services

We share data with the following third-party service providers, each under their own privacy policies:

Service	Purpose	Data Region
Stripe	Payment processing	US / EU
Supabase	Database and authentication	EU
PostHog	Product analytics	EU
Vercel	Website hosting	Global (CDN)
Meta / Facebook	Advertising and conversion tracking	US
OpenRouter	AI model routing	US
Wavespeed AI	AI image generation	US
Kie API	AI music generation	US
Telegram	Messaging integration (Cherriva)	Global
Google OAuth	Authentication	US

6. International Data Transfers

Some of our third-party providers are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

UK adequacy decisions for countries with equivalent data protection standards
Standard Contractual Clauses (SCCs) approved by the ICO
Additional technical and organizational measures as appropriate

7. Data Retention

We retain your data for the following periods:

Account data: For the duration of your active account plus 30 days after deletion.
Payment records: 7 years (legal and tax requirements).
Analytics data: 24 months.
Server logs: 90 days.
Generated content (songs, images): Up to 1 year, or until account deletion.

8. Cookies

We use the following types of cookies:

Essential cookies: Required for the Services to function (authentication, session management).
Analytics cookies: PostHog — to understand how users interact with our Services.
Advertising cookies: Meta Pixel — for conversion tracking and ad optimization.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of our Services.

9. Your Rights

Under the UK GDPR, you have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your personal data.
Restriction: Request limited processing of your data.
Portability: Receive your data in a structured, machine-readable format.
Object: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at general@virixlabs.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

10. Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. Cherriva requires users to be at least 18 years of age.

If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete such information.

11. Security

We implement appropriate technical and organizational measures to protect your data, including:

TLS encryption for all data in transit
Encryption at rest for stored data
PCI-DSS compliance through Stripe for payment processing
Access controls and authentication for internal systems

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our Services. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: general@virixlabs.com
Website: virixlabs.com