Legal

Privacy Policy

Effective date: 28 May 2025 · Last updated: 28 May 2025

1. Who We Are

VybeCode Ltd ("VybeCode," "we," "us," or "our") is a software company registered in the United Kingdom. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (vybeco.de) or use any of our products and services.

We take your privacy seriously. We operate under a strict data-minimisation principle: we only collect the data we absolutely need, we never sell it, and we never share it with third parties for marketing purposes.

2. Data We Collect

2.1 Data You Provide Directly

  • Contact form submissions: Name, email address, subject, and message content. Collected solely to respond to your inquiry.
  • Account data (product-specific): If you create an account on one of our products (e.g., ActiveAura, Audio PromptMonster, Ide/AI), we collect the information required for account creation as described in that product's specific privacy terms.

2.2 Data Collected Automatically

  • Server logs: Our hosting provider may log IP addresses, browser type, and access timestamps for security and uptime purposes. These logs are retained for no more than 30 days and are not used for tracking or profiling.

2.3 Data We Do NOT Collect

We want to be explicit about what we do not do:

  • We do not use cookies for tracking, advertising, or analytics on this website.
  • We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
  • We do not fingerprint your browser or device.
  • We do not collect data from minors knowingly. If you are under 16, please do not submit personal data to us.
  • We do not sell, rent, lease, or trade your personal data to any third party, under any circumstances.

3. How We Use Your Data

We use personal data strictly for the following purposes:

  • To respond to your inquiries submitted through our contact form.
  • To provide and maintain our products if you hold an account with one of our services.
  • To comply with legal obligations where required by applicable law.

We do not use your data for automated decision-making, profiling, or targeted advertising.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

  • Consent: When you submit our contact form and explicitly check the consent box.
  • Contractual necessity: When processing is required to provide a service you have signed up for.
  • Legitimate interest: Server logs for security purposes, balanced against your right to privacy.
  • Legal obligation: Where we are required to retain or disclose data by law.

5. Data Retention

  • Contact form data: Retained for up to 12 months after our last communication, then permanently deleted.
  • Server logs: Automatically purged after 30 days.
  • Account data: Retained for the duration of your account. Upon account deletion, all personal data is permanently removed within 30 days.

You may request early deletion at any time (see Section 7).

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • TLS/SSL encryption for all data in transit.
  • Encryption at rest for stored personal data where applicable.
  • Access controls limiting who within our organisation can view personal data.
  • Regular security reviews of our systems and practices.

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

7. Your Rights

Under GDPR and UK data protection law, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request permanent deletion of your data ("right to be forgotten").
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest.
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at the address listed in Section 10. We will respond within 30 days.

8. Third-Party Services

Our website may contain links to third-party websites (e.g., product sites, GitHub). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies independently.

If we use a third-party form processor (e.g., Formspree) to handle contact form submissions, that processor acts as a data processor under our instruction and is bound by a data processing agreement. They do not have independent rights to use your data.

9. International Transfers

Your data may be processed in countries outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with applicable law.

10. Contact & Complaints

For any privacy-related questions, requests, or complaints:

If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will make reasonable efforts to notify you (e.g., a notice on our website). Your continued use of our website or services after changes are posted constitutes acceptance of the revised policy.