Privacy Policy
Last updated: 2026-04-27
We respect your privacy. This Privacy Policy explains what data vibestrap collects, why we collect it, how we use it, and your rights over it.
1. Information we collect
Account information
- Email address — for sign-in, transactional emails, and account recovery.
- Name — for personalization and email greetings.
- Profile image (if signing in with Google/GitHub) — displayed in your account UI.
- Hashed password (if using email + password sign-in) — never stored or transmitted in plaintext.
- Preferred locale — to display the right language.
Usage information
- IP address — for fraud prevention, rate-limiting, and security audit logs.
- User agent — to render the right experience and debug issues.
- Session activity — login times, last-seen timestamps.
Payment information
Payments are processed by Stripe. We never see or store your full card number, CVV, or bank details. Stripe sends us only:
- A customer ID and subscription/order ID
- The amount, currency, and status of each payment
- The last four digits of your card (optional, for invoice display)
Email subscription (optional)
If you subscribe to our newsletter, your email address is shared with our email provider (currently Resend) for delivery purposes only. You can unsubscribe at any time from any email we send.
2. How we use your data
- Provide the service — authentication, payments, content delivery.
- Communicate — receipts, password resets, important product updates, and (if subscribed) the newsletter.
- Improve the product — aggregate usage analytics. Individual data is never sold or shared with third parties for advertising.
- Comply with the law — for tax records, fraud prevention, and lawful disclosure when required.
3. Data sharing
We share data only with the third-party services we use to operate the product:
- Stripe — payment processing
- Resend — transactional and marketing email delivery
- Vercel — hosting (and Vercel Analytics for aggregated traffic data)
- Google / GitHub — only if you sign in via OAuth (we receive the bare minimum profile fields)
We do not sell your personal data, ever. We do not share data with advertisers or data brokers.
4. Your rights (GDPR / CCPA-style)
You have the right to:
- Access — request a copy of all data we hold about you.
- Correct — update inaccurate information via your settings page.
- Delete — close your account from the settings page; we will delete your data within 30 days, except where we are legally required to retain it (e.g. tax records, kept for 7 years per most jurisdictions).
- Export — request your data in a machine-readable format.
- Object — opt out of any non-essential data processing at any time.
To exercise any of these, email [email protected].
5. Data retention
We keep account data for as long as your account is active. After account deletion, we delete personal data within 30 days, except for legally required records (invoices, tax data) which are retained per local law.
6. Cookies
We use a minimal set of cookies:
- Session cookie (essential) — to keep you signed in.
- NEXT_LOCALE cookie — to remember your language choice.
- Theme cookie — to remember light/dark preference.
We do not use third-party advertising or tracking cookies.
7. Children's privacy
vibestrap is not intended for use by children under 16. We do not knowingly collect data from children. If you become aware that a child has provided us with personal information, please contact us so we can delete it.
8. Changes to this policy
Material changes will be announced via the changelog and emailed to active customers. The "Last updated" date at the top reflects the most recent revision.
9. Contact
Privacy questions? Email [email protected].