Privacy Policy

VR ExoSuit is a pre-launch project based in Cluj-Napoca, Romania, exploring a motorized VR exoskeleton fitness concept. This landing page collects interest from potential early users before the business is formally established.

Contact: exosuitvr@yahoo.com

• Personal information: first name, last name, and email address, provided when you pre-register.
• Anonymous survey answers: training frequency preference, gym membership status, and optional free-text feedback. These are stored separately and are never linked to your personal information.
• Visitor cookie: a random UUID stored in a browser cookie to count unique page visits. It contains no personal information.

We do not use analytics trackers, advertising pixels, or third-party cookies.

Your data is used for two purposes under GDPR Article 6(1)(a) (consent):

1. Send you a single email notification when the studio opens.
2. Use aggregated, anonymous survey statistics to plan capacity (e.g. how many devices to prepare).

• Names and email addresses are encrypted with AES-256-GCM before storage. Only the encryption key holder can decrypt them.
• Email addresses are also hashed (SHA-256, one-way) for deduplication. The hash cannot be reversed to recover the email.
• Confirmation and unsubscribe tokens are stored as SHA-256 hashes, never in plain text.
• Data is hosted on EU-based infrastructure (Neon Postgres).

• Unconfirmed entries: automatically deleted after 30 days.
• Confirmed entries: automatically deleted 2 years after confirmation, or earlier if you unsubscribe or request deletion, whichever comes first.
• Unsubscribe token: valid for 1 year on a rolling basis.

You have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: request deletion of your data at any time by clicking the unsubscribe link in your confirmation email, or by contacting us directly.
• Portability: receive your data in a structured, machine-readable format.
• Withdraw consent: at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email exosuitvr@yahoo.com.

We do not sell, rent, or share your personal data with third parties. The following services process data on our behalf under their own privacy policies:

• Resend: sends transactional emails (confirmation link).
• Cloudflare Turnstile: bot protection during form submission.
• Vercel: hosting provider.

We use a single functional cookie containing a random visitor ID (UUID). It is used to count unique page visits. It does not contain personal information, is not shared with third parties, and is not used for tracking or advertising.

We may update this policy as the project progresses toward a formal business entity. Updates will be reflected on this page with a revised date.