Back to Home

Privacy Policy

Last updated: 2026-07-10

Effective Date: July 10, 2026

This Privacy Policy explains how vvibe, inc., a Delaware corporation ("vvibe", "we", "us", or "our"), collects, uses, stores, and shares information when you use the vvibe website at vvibe.ai, the vvibe dashboard, APIs, command-line tools, daemon software, MCP endpoints, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

1. Information We Collect

  • Account information. When you register, we collect your name, email address, and password (stored only as a salted hash). If you sign in with Google or GitHub, we receive your name, email address, and profile picture from that provider.
  • Billing information. Payments are processed by Stripe, Inc. We receive and store your subscription tier, billing status, and invoice history. We do not store full payment card numbers; those are handled by Stripe.
  • Customer Content. Data that you or your connected AI agents submit to the Service, such as member and contact lists (names and email addresses), email campaign content, blog posts, and plan or product information. For personal information about your members and contacts, you are the controller and we process it on your behalf.
  • Integration data. When you connect a third-party service (such as Google Analytics or Sentry), we store the credentials needed to maintain the connection and the configuration you select. See Section 2 for how we handle Google user data specifically.
  • Usage data. Log data such as IP address, browser and device information, pages viewed, actions taken (including actions taken by your connected agents), timestamps, and diagnostic and error data.
  • Cookies. We use cookies and similar technologies for sign-in sessions, security, preferences, and to understand how the Service is used. See Section 6.

2. Google User Data

This section describes how we handle data we receive from Google APIs. It applies when you choose to connect your Google Analytics account to the Service.

What we access

With your explicit consent through the Google OAuth flow, we request the read-only Google Analytics scope (https://www.googleapis.com/auth/analytics.readonly). This allows the Service to list the Google Analytics 4 properties available to you and to read reporting data (such as traffic, page, and event metrics) from the properties you select. We do not request write access to any Google service, and we cannot modify your Google Analytics data.

How we use it

We use Google Analytics data solely to provide user-facing features of the Service: displaying analytics dashboards and reports to you, and answering analytics questions you or your connected agent ask about your own properties. We do not use Google user data for advertising, do not sell it, and do not use it to build profiles for any purpose unrelated to the analytics features you requested.

Limited Use disclosure

vvibe's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

How we store and protect it

Your Google OAuth tokens are encrypted at rest using AES-256-GCM envelope encryption and stored in our database. Analytics report data is retrieved from Google on demand to render your dashboard and is not retained as a long-term copy. All data is transmitted over encrypted connections (TLS).

Sharing of Google user data

We do not transfer Google user data to third parties except as necessary to operate the feature (for example, processing on our cloud hosting infrastructure), to comply with applicable law, or as part of a merger or acquisition in which the successor remains bound by this Policy. Our employees do not read your Google user data except with your consent (for example, to resolve a support request), for security or abuse investigation, or where required by law.

How to revoke access

You can disconnect Google Analytics at any time from the analytics settings in your dashboard, which deletes the stored OAuth tokens. You can also revoke vvibe's access from your Google Account security settings at https://myaccount.google.com/permissions. Deleting your vvibe account also deletes the stored tokens.

3. How We Use Information

  • Provide, maintain, and improve the Service, including executing the actions you or your connected agents request.
  • Process subscriptions, payments, and credits, and send related transactional messages (receipts, renewal and dunning notices, quota alerts).
  • Provide customer support and respond to your requests.
  • Monitor for, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use your Customer Content to train machine-learning models.

4. How We Share Information

  • Service providers. We share information with vendors that help us operate the Service — cloud hosting and infrastructure providers, the Stripe payment platform, email delivery providers (used to send your campaigns and our transactional email), webhook delivery infrastructure, and error-monitoring and analytics tools. Service providers are bound by contract to process information only on our instructions.
  • At your direction. When you connect a third-party integration or instruct your agent to send data somewhere, we share the data needed to carry out that request.
  • Legal requirements. We may disclose information if we believe it is required by law, subpoena, or other legal process, or to protect the rights, safety, or property of vvibe, our users, or the public.
  • Business transfers. If vvibe is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction; the successor remains bound by this Policy or one at least as protective.
  • Aggregated data. We may share aggregated or de-identified information that cannot reasonably be used to identify you.

We do not sell personal information and do not share it with third parties for cross-context behavioral advertising.

5. Email Sent Through the Service

When you use the Service to send email to your members and contacts, we process recipient information and message content on your behalf and route it through email delivery providers. We track delivery events (such as bounces and spam complaints) to protect deliverability and enforce sending quotas. Your recipients' data is used only to send and measure your email — never for our own marketing.

6. Cookies and Similar Technologies

We use strictly necessary cookies for authentication and security, and functional cookies for preferences such as language. We may use limited first-party analytics to understand how the Service is used. Most browsers let you control cookies through settings; blocking strictly necessary cookies may prevent the Service from working.

7. Data Retention and Deletion

We retain your information for as long as your account is active. You can delete your account at any time from your account settings; deletion is immediate and permanent, and removes your account data, Customer Content, and stored integration credentials (including Google OAuth tokens). Residual copies may persist in encrypted backups for a limited period before being purged. We retain billing and tax records as required by law, and we may retain limited log data for security purposes for a limited period.

8. Security

We protect information using industry-standard measures, including TLS encryption in transit, encryption at rest for sensitive credentials (AES-256-GCM), hashed passwords, and access controls limiting employee access to production data. No method of transmission or storage is completely secure; if we learn of a breach affecting your personal information, we will notify you as required by applicable law.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at service@vvibe.ai and we will delete it.

10. Your Privacy Rights

You may access and update your account information in your settings, and you may request access to, correction of, deletion of, or a portable copy of your personal information by emailing service@vvibe.ai. We will verify your request and respond as required by applicable law.

California residents

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect (described in Section 1: identifiers, commercial information, and internet activity), the right to access, correct, and delete it, the right to opt out of sale or sharing (we do not sell or share personal information as defined by the CCPA), and the right not to be discriminated against for exercising these rights. You may submit requests via service@vvibe.ai, including through an authorized agent.

Other U.S. states and international users

Residents of other U.S. states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, and Texas) have similar rights of access, correction, deletion, and portability, which we honor through the same channel. If you use the Service from outside the United States, note that your information is processed and stored in the United States, and by using the Service you consent to that transfer. Where the personal data in your Customer Content is subject to laws such as the GDPR, you are the controller and we act as your processor under our Terms of Service.

11. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy on this page and update the effective date above. If we make material changes, we will notify you by email or through the Service before they take effect.

12. Contact Us

If you have questions about this Policy or our data practices, contact us at: vvibe, inc. Email: service@vvibe.ai