How Vianium handles account, plugin, and operational data.

Vianium is an execution layer for identity, OAuth, billing, media, observability, and connected modules. This policy covers the landing site, dashboard, Connect gateway, and linked-account flows exposed by the product.

Some Vianium deployments may be operated by customers or partners. In those cases, the operator of that environment may also act as the data controller toward their end users.

We collect identity and access data required to operate the account: email, name, derived credentials, session tokens, and authentication state.

When a person links a plugin, Vianium may store OAuth tokens, account identifiers, public profile data, and the minimum information required to operate that module.

We use data to authenticate users, link external accounts, perform user-requested operations, protect sessions, debug incidents, and maintain service availability.

We do not use plugin data for purposes unrelated to the contracted product functionality. Actual scope depends on the enabled modules and the permissions granted by each user.

The system applies technical controls to reduce exposure and unauthorized access. In the current codebase, passwords use Argon2id, secrets and tokens are encrypted before persistence, and gateway sessions are managed with revocable JWTs.

The channel between the gateway and plugins can run with optional mTLS, and the platform keeps logs and metrics for system health, technical auditing, and operational response.

We keep data while the account, session, or linked integration remains active and for as long as needed for security, support, fraud prevention, contractual performance, or legal obligations.

When a user disconnects a plugin or requests account closure, Vianium removes or invalidates elements that are no longer needed, subject to the minimum retention period for security and audit records in that deployment.

When a user connects third-party services, some information is exchanged with those providers to complete OAuth, read resources, or publish content. That includes Meta Threads when the user links their Threads account.

Each external provider maintains its own policies and terms. Vianium only requests and processes the scope required for the function enabled in the relevant module.

Users may request access, correction, connection revocation, or data deletion through the operator of the environment where they use Vianium.

If the request is related to a linked plugin, we also recommend revoking access from the corresponding external account to cut off any remaining provider-side permission.

Privacy and compliance requests should be directed to the operator of the Vianium deployment or to the support channel associated with the instance where the product is used.