Vinny Privacy Policy

Last updated: November 25, 2025

We designed Vinny so that your account information, documents, and sensitive content stay private and secure, and are not used to train Vinny's underlying AI models or large language models ("LLMs").

In plain language:

Your account data (e.g., name, email, subscription details) is used only to run and support your account.
Your documents, prompts, and chats are used only to power your interactions with Vinny, provide support, and improve the service's performance and reliability at a system level - not to train base AI models.
We do not use your data to train or finetune third-party foundation models or our own general-purpose foundation models.

This Privacy Policy explains how we collect, use, and share information when you use Vinny, our professional legal AI chat assistant and subscription service, available via our website and mobile apps (the "Services"). It also explains your privacy rights and how to contact us.

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

For information about the terms upon which we do business, please also read our Terms of Use.

Key Terms
Personal Information We Collect About You
How and Why We Use Your Personal Information
How We Treat Inputs and Outputs to Vinny
Cookies, Analytics & Tracking Technologies
Universal Opt-Out Mechanisms
Who We Share Your Personal Information With
How Long We Keep Your Personal Information
International Data Transfers
Supplemental U.S. State-Specific Privacy Rights
Supplemental Information for Persons in the EEA and UK
Keeping Your Personal Information Secure
Children Under the Age of 16
Changes to This Privacy Policy
How to Contact Us

1. Key Terms

Vinny, we, us, our - Vinny is a professional legal AI assistant and subscription service operated by S1 Media, LLC, a Delaware limited liability company, together with its subsidiaries and affiliates (collectively, "we," "us," or "our").

Services - This Privacy Policy applies to:

Our websites and web apps that link to this Privacy Policy;
Our mobile applications that link to this Privacy Policy; and
Related tools, features, and services offered through those channels, including the Vinny legal AI chat assistant and related subscription plans.

This Privacy Policy does not apply to websites, apps, or services that do not display or link to it, or that have their own privacy policies.

Personal Information - Any information relating to an identified or identifiable individual (or household, where applicable), including information that can reasonably be linked to that individual (directly or indirectly).

You, your - The individual to whom the Personal Information relates, including visitors, free users, trial users, and paid subscribers of the Services.

2. Personal Information We Collect About You

The Personal Information we collect depends on how you use the Services (e.g., as a website visitor, free user, or paid subscriber).

2.1 Information You Provide to Us Directly

We may collect:

Account and profile information:

Name, email address, password or authentication credentials;
Role, company name, and practice area or industry focus (if you choose to provide it);
Preferences (e.g., notification settings, language, and interface preferences).

Plain language: we need this information to create and manage your account and to give you a tailored, professional experience.

Subscription and billing information:

Billing name, contact details, and billing address;
Payment details processed via our payment processor (e.g., last four digits of card, transaction IDs, subscription tier, billing history).

We do not store full payment card numbers; these are collected and processed on our payment provider's systems.

Content you submit to Vinny ("User Content"):

Prompts, questions, instructions, and feedback you enter into the chat;
Documents, contracts, policies, or other materials you upload for analysis or drafting support;
Metadata associated with that content (e.g., filenames, timestamps, document type).

User Content may contain Personal Information about you or others, depending on what you choose to submit.

Plain language: this is the work product you bring to Vinny—your drafts, templates, questions, and documents. We treat this as highly confidential.

Communications with us:

Information in emails, in-app messages, or other communications (including support tickets and feedback);
Information you provide in surveys, beta programs, webinars, or marketing signups.

Employment-related information (if you apply to work with us):

CV/resume, contact details, work history, and other information you choose to submit in connection with recruitment.

2.2 Information We Collect Automatically

When you use the Services, we may automatically collect:

Usage and log information:

Date and time of access, pages viewed, features used, session duration;
Clickstream data, referral URLs, and in-app navigation;
Chat usage metrics (e.g., number of messages, features accessed, error rates).

Device and technical information:

IP address, device type, device identifiers, operating system, browser type and version, app version, and language;
Mobile device identifiers, mobile operating system, and network provider;
Crash logs and diagnostics to help us debug and improve performance.

Approximate location information:

Country, region, or city inferred from your IP address or app configuration (for things like localization, fraud prevention, and legal compliance).

We do not collect precise GPS location unless you explicitly enable a feature that requires it, in which case we will explain at the point of collection.

2.3 Information Collected via Cookies and Similar Technologies

We use cookies, SDKs, and similar technologies to:

Authenticate you and keep you logged in;
Remember your preferences and settings;
Understand how the Services are used;
Improve performance and security; and
In limited cases, support marketing and measurement (subject to applicable consent requirements).

More detail is provided in the Cookies, Analytics & Tracking section below.

2.4 Information from Third Parties

We may receive:

Identity, contact, and account information from:

Single sign-on providers or authentication services (if enabled for your account);
Business partners, resellers, or referral partners;
Enterprise customers (e.g., when your employer provisions you with a Vinny account).

Billing and payment information from payment processors.

Analytics and marketing information from analytics and marketing partners (aggregated or pseudonymized where possible).

Where we combine third-party data with data we collect, we will treat the combined data as Personal Information as long as it remains identifiable.

3. How and Why We Use Your Personal Information

We use your Personal Information only for the purposes described in this Privacy Policy (or for compatible purposes). If you choose not to provide certain Personal Information, some features of the Services may not be available or may not function properly.

Plain language: we use your information to run Vinny, keep it secure and reliable, provide support, and meet legal obligations. We do not repurpose your confidential content to build unrelated products or train generic AI models.

We will obtain your consent where required by applicable law, and you can withdraw your consent at any time (this will not affect the lawfulness of processing before withdrawal).

4. How We Treat Inputs and Outputs to Vinny

Because Vinny is an AI-powered assistant, it relies on your prompts and uploaded content to generate responses. Confidentiality is central to how we handle that content.

4.1 User Content (Inputs)

"User Content" includes:

Prompts, questions, and instructions you submit;
Documents, contracts, and other files you upload;
Any Personal Information you choose to include in that content.

We use User Content to:

Provide you with responses and related functionality;
Maintain your conversation history and workspace (if enabled);
Improve and troubleshoot the Services (e.g., to debug issues, enhance accuracy, prevent abuse), as permitted by applicable law and your organization's settings (for enterprise customers).

No training on your data:

We do not use your User Content to train or finetune (a) third-party foundation models or (b) our own general-purpose foundation models used across customers.

Where we work with third-party AI providers, we contractually prohibit them from using your data to train or improve their models for the benefit of other customers.

We may use aggregated or de-identified signals (for example, error rates, latency, or feature usage patterns) to improve service quality, but these do not reveal the underlying confidential content.

If you are using Vinny under an enterprise or team agreement, additional terms and configuration options about how your content is handled may apply. Those terms will control in the event of any conflict with this general description.

You are responsible for ensuring that any User Content you submit complies with applicable laws and internal policies, including confidentiality obligations. We encourage you to remove or obfuscate unnecessary personal or highly sensitive data in prompts and uploads wherever feasible.

4.2 Outputs

"Outputs" are the responses generated by Vinny based on your inputs and system prompts.

We may store Outputs in your account so that you can review prior conversations and drafts.
We may review Outputs (together with related inputs) in limited circumstances to improve quality, safety, and reliability of the Services, subject to strict access controls and, where applicable, enterprise configurations.
Outputs may sometimes be similar for different users if similar prompts are submitted. Outputs are not treated as confidential or unique to any one user unless otherwise agreed in a separate contract.

Plain language: prompts in, answers out - both are treated as confidential within your account and are not fed back into generic model training pipelines.

5. Cookies, Analytics & Tracking Technologies

We use the following types of technologies:

Strictly necessary cookies – Required for core functionality (e.g., sign-in, security, load balancing).
Functional cookies – Remember your preferences (e.g., language, layout).
Analytics cookies/SDKs – Help us understand how the Services are used and improve performance.
Marketing and measurement technologies – In limited cases, to understand how our marketing performs and to tailor messages (subject to applicable consent obligations).

You can control cookies through:

Your browser or device settings;
In-app settings or cookie preferences (where available); and
Opt-out tools provided by analytics or marketing partners, where applicable.

If you disable or reject certain cookies, some parts of the Services may not function properly.

6. Universal Opt-Out Mechanisms

Our web-based Services recognize the Global Privacy Control ("GPC") signal. If you use a browser or extension that sends a GPC signal, we will treat it as a valid request to opt out of "sale" or "sharing" of Personal Information and/or targeted advertising where required by applicable U.S. state privacy laws.

To learn more about GPC and compatible browsers or extensions, visit: https://globalprivacycontrol.org

Your browser may also allow you to send a "Do Not Track" (DNT) signal. There is currently no consistent industry standard for responding to DNT, and we do not respond to DNT signals at this time, unless and until the law clearly requires us to do so.

We do not sell your Personal Information in the ordinary sense of the word. We may, however, disclose certain information to third parties in ways that could be considered a "sale," "sharing," or "targeted advertising" under certain U.S. state privacy laws.

Plain language: we share only what we need to share to run Vinny (e.g., hosting, payment, analytics) under contracts that limit how vendors can use your data.

We share Personal Information with:

Service providers and vendors:

Cloud hosting and infrastructure providers;
AI model providers and related tooling, subject to contractual protections, including commitments not to train their foundation models on your data;
Customer support and ticketing platforms;
Email, notification, and communication service providers;
Analytics and monitoring providers;
Payment processors and billing platforms;
Security and fraud-prevention vendors.

Professional advisors:

Lawyers, auditors, accountants, and other professional service firms, as needed to support our business and comply with law.

Business and integration partners:

Partners who help distribute, resell, or integrate the Services;
Single sign-on or identity providers, as configured by your organization.

Corporate transactions:

Actual or potential acquirers, investors, or other parties in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets. These parties will be subject to confidentiality obligations.

Legal, compliance, and safety:

Law enforcement, regulators, courts, or other third parties when we believe disclosure is required or appropriate to:
- comply with law, regulation, or legal process;
- protect the rights, property, or safety of us, our users, or others;
- investigate and respond to suspected illegal activities or policy violations.

We may also share aggregated or de-identified information that does not identify any individual.

8. How Long We Keep Your Personal Information

We retain Personal Information for as long as reasonably necessary to:

Provide and support the Services you request;
Maintain business and financial records;
Meet our legal, accounting, and regulatory obligations;
Resolve disputes and enforce our agreements; and
Protect and defend our rights and those of our users.

Retention periods vary depending on the type of data and the purpose of processing. When we no longer need Personal Information for the purposes for which it was collected (and any compatible purposes), we will either delete it or de-identify it, unless we are required by law to keep it longer.

If you request deletion of your data, we will comply as required by applicable law, subject to requirements to retain certain information (for example, transaction records) for legal, regulatory, or security reasons.

9. International Data Transfers

We may transfer, store, and process your Personal Information in countries other than your own, including the United States and other jurisdictions where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction and may not be as protective.

Where required (for example, for data originating from the EEA or UK), we implement appropriate safeguards, such as:

European Commission-approved Standard Contractual Clauses;
The UK's International Data Transfer Addendum; and/or
Other legally recognized transfer mechanisms.

You can contact us for more information about these safeguards (see How to Contact Us).

10. Supplemental U.S. State-Specific Privacy Rights

If you are a resident of certain U.S. states (such as California, Colorado, Connecticut, Utah, Virginia, or others with similar laws), you may have additional rights regarding your Personal Information. These may include, depending on your state:

The right to know/confirm what Personal Information we collect, use, disclose, and, where applicable, "sell" or "share";
The right to access and obtain a copy of certain Personal Information;
The right to request deletion of Personal Information we collected from you, subject to legal exceptions;
The right to request correction of inaccurate Personal Information;
The right to opt out of:
- "sales" of Personal Information,
- "sharing" for cross-context behavioral advertising / targeted advertising, and
- certain forms of profiling in furtherance of decisions that produce legal or similarly significant effects;
Where applicable, the right to limit certain uses of sensitive Personal Information;
The right not to be discriminated against for exercising any of these rights; and
The right to appeal our decision if we decline to act on your request (where provided by law).

To exercise these rights, please contact us as described in How to Contact Us. We may need to verify your identity before fulfilling your request. Where permitted, you may designate an authorized agent to submit requests on your behalf, subject to verification and documentation requirements under applicable law.

If your state law provides an appeal right and you are dissatisfied with our response, you may appeal by contacting us and referencing our prior decision. We will respond in accordance with applicable law.

We will also honor valid Global Privacy Control (GPC) signals as an opt-out of "sales" and/or "sharing" for targeted advertising where required by law (see Universal Opt-Out Mechanisms above).

11. Supplemental Information for Persons in the EEA and UK

If you are located in the EEA or UK, you may have the following rights regarding your Personal Information, subject to applicable law:

Right of access – To obtain confirmation and a copy of Personal Information we hold about you.
Right to rectification – To correct inaccurate or incomplete Personal Information.
Right to erasure – To request deletion of your Personal Information in certain circumstances.
Right to restriction – To request that we restrict processing of your Personal Information in certain circumstances.
Right to data portability – To receive certain Personal Information in a structured, commonly used, machine-readable format, and to transfer it to another controller where technically feasible.
Right to object – To object to processing based on our legitimate interests, including profiling, and to object at any time to processing for direct marketing.
Rights related to automated decision-making – To not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, except where allowed by law and subject to safeguards.
Right to withdraw consent – Where we rely on consent, you may withdraw it at any time (without affecting the lawfulness of prior processing).
Right to lodge a complaint – With your local data protection authority if you believe our processing of your Personal Information infringes applicable law.

To exercise your rights, please contact us using the details in How to Contact Us and let us know:

Which right(s) you wish to exercise; and
Enough information for us to verify your identity and locate your records.

We will respond to your request in accordance with applicable law.

If we have appointed an EU or UK representative (where required), their contact information will be provided separately (for example, in our EEA/UK-specific notices or on our website).

12. Keeping Your Personal Information Secure

We use appropriate technical and organizational measures designed to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, as appropriate:

Access controls and authentication;
Encryption in transit and at rest (where appropriate);
Network and application security measures;
Regular backups and recovery procedures;
Internal policies, training, and confidentiality obligations for personnel;
Vendor due diligence and contractual security commitments, including restrictions on how vendors can use your data.

Plain language: we apply industry-standard security controls and additional contractual protections so that your confidential information and documents remain private to you and are not repurposed for model training.

No system can be guaranteed to be 100% secure. If we become aware of a data breach that affects your Personal Information, we will notify you and relevant authorities as required by applicable law.

13. Children Under the Age of 16

The Services are not intended for and are not directed at children under 16 years of age. We do not knowingly collect, sell, or share Personal Information from children under 16.

If we learn that we have collected Personal Information from a child under 16, we will take steps to delete that information as required by law. If you believe we may have information about a child under 16, please contact us (see How to Contact Us).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page.

If we make material changes that affect how we use or disclose your Personal Information, we will provide additional notice, such as by:

Posting a prominent notice in the Services;
Sending you an email or in-app notification (where we have your contact details); or
Other appropriate means, consistent with applicable law.

Your continued use of the Services after any changes become effective means you accept the revised Privacy Policy.

15. How to Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or if you wish to exercise your rights, you can contact us at:

Vinny AI
4235 Redwood Ave.
Los Angeles, CA 90066

Email: privacy@vinnypro.ai

Please include your name, contact details, and a clear description of your request.