Is VDI Agent really free?

Yes — 50 free AI interactions (14-day trial). Then $9.99/month for 500 interactions. All AI models included, no API keys needed.

Which VDI platforms are supported?

Citrix, RDP, Azure Virtual Desktop, AWS WorkSpaces, VMware Horizon.

Is my screen data secure?

All data is encrypted in transit. No persistent storage of screen content.

LEGAL_DOCS:

// PRIVACY POLICY

This Privacy Policy explains how VDI Agent collects, uses and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian privacy law.

01 // DATA CONTROLLER

The data controller for vdiagent.ai is:

Christian Fiorillo — VDI Agent
Email: hello@vdiagent.ai
Website: https://vdiagent.ai

For any privacy-related request, contact us at hello@vdiagent.ai.

02 // DATA COLLECTED

We collect the following categories of personal data:

► Email address — provided when joining the waitlist, creating an account, or contacting us.
► Usage data — interactions with the AI proxy (request count, model selection). Never the content of your prompts.
► License key — generated upon registration, linked to your account.
► Payment data — processed exclusively by Stripe. We never store card numbers.
► Technical data — IP address, browser type, OS, referrer URL (collected via server logs and analytics cookies, subject to your consent).
► Cookies — see Section 08 for full details.

03 // LEGAL BASIS

We process your data on the following legal bases (GDPR Art. 6):

► Consent (Art. 6.1.a) — analytics cookies and non-essential tracking. You may withdraw consent at any time via the cookie banner.
► Contract performance (Art. 6.1.b) — processing your email and license to deliver the service you subscribed to.
► Legitimate interest (Art. 6.1.f) — security logging, fraud prevention, abuse detection.
► Legal obligation (Art. 6.1.c) — tax and billing records as required by EU law.

04 // DATA RETENTION

We retain personal data for the following periods:

► Account data (email, license) — for the duration of your account, plus 30 days after deletion.
► Waitlist emails — up to 3 years, or until you unsubscribe.
► Usage logs — 90 days rolling window.
► Server / security logs — 30 days.
► Payment records — 10 years (Italian and EU fiscal law requirement).
► Analytics data — 14 months (Google Analytics default), or as configured.

You may request early deletion at any time — see Section 06.

05 // THIRD PARTIES & TRANSFERS

We share data with the following third-party processors:

► Stripe — payment processing (USA, EU–US Data Privacy Framework).
► Vercel — hosting and edge runtime (USA, SCC).
► Supabase — database hosting (EU region).
► Resend — transactional email (EU).
► AI providers (Anthropic, OpenAI, Google, DeepSeek) — your prompts are forwarded to the selected model. We do not log prompt content. Each provider's own privacy policy applies.

No personal data is sold to third parties.

06 // YOUR RIGHTS

Under GDPR you have the following rights:

► Access (Art. 15) — request a copy of the data we hold about you.
► Rectification (Art. 16) — correct inaccurate or incomplete data.
► Erasure (Art. 17) — "right to be forgotten" — request deletion of your account and associated data.
► Restriction (Art. 18) — ask us to pause processing in certain circumstances.
► Portability (Art. 20) — receive your data in a structured, machine-readable format.
► Objection (Art. 21) — object to processing based on legitimate interest.
► Withdraw consent — revoke analytics consent at any time via the cookie banner.

To exercise any right, email hello@vdiagent.ai with subject "GDPR Request". We respond within 30 days.

You also have the right to lodge a complaint with your local Data Protection Authority (for Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it).

07 // SECURITY

We implement the following technical and organisational measures:

► All data in transit is encrypted via TLS 1.2+.
► Passwords are hashed with bcrypt (cost factor 12).
► Database access is restricted to application services via row-level security.
► No screen content or AI prompt content is persistently stored on our servers.
► Access to production systems is limited to authorised personnel only.

08 // COOKIE POLICY

We use the following categories of cookies:

ESSENTIAL COOKIES (no consent required)
► vdiagent_session — keeps you authenticated. Session duration. Cannot be disabled.
► next-auth.session-token — NextAuth session token. Session duration.

ANALYTICS COOKIES (require consent)
► _ga, _ga_* — Google Analytics. Identifies unique visitors. 2-year expiry.
► Future analytics tools — only activated after you accept via the cookie banner.

PREFERENCE COOKIES (require consent)
► vdiagent_cookie_consent — stores your consent choice. 1-year expiry.

You can change your cookie preferences at any time by clearing localStorage key "vdiagent_cookie_consent" or by using your browser's cookie management tools.

09 // CHILDREN

VDI Agent is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact hello@vdiagent.ai and we will delete it promptly.

10 // CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date below and, for material changes, notify registered users by email.

Last updated: 8 April 2026

← BACK TO HOME·TERMS OF SERVICE →