Privacy Policy

We collect only what's necessary to run Vibie:

• Account info from Google OAuth: email, name, profile picture URL
• Your custom profile fields: bio, handle, custom avatar (if uploaded)
• Site content you upload (HTML/CSS/JS/images) — stored on Cloudflare R2
• Site metadata: name, slug, category, visibility, like counts
• Activity: site deployments, likes you give, reports you file
• Operational logs: IP address on sign-up and reports (for abuse defense), Worker request logs
• Cookies — see /cookies for details

We don't collect: location, contacts, browsing history outside Vibie, third-party analytics tied to your account during early access.

Account info: to identify you and let you sign in.

Site content + metadata: to host and serve your sites.

Activity: to power the gallery, profile pages, and likes feature.

IP on sign-up + reports: to detect and prevent abuse (spam, mass reports, account-laundering).

We don't sell your data. We don't profile you for ads.

You: full access to everything via /settings/account.

Other Vibie users: only what you've made public — your handle, name, avatar, bio, and sites with visibility set to public.

Vibie staff: limited access for support and abuse moderation. All admin actions are logged.

Subprocessors: see section 5.

Law enforcement: only when legally compelled (subpoena, court order). We notify you unless legally prohibited.

Account info, site metadata, activity: Supabase (Postgres) in Asia-Pacific (Seoul region).

Site files + custom avatars: Cloudflare R2, distributed globally for low-latency serving.

Email delivery: Resend (US).

OAuth: Google (US/global).

We use the following services to operate Vibie:

• Google (OAuth identity)
• Vercel (web hosting)
• Cloudflare (R2 storage, Workers, DNS)
• Supabase (Postgres database)
• Resend (transactional email)

Each subprocessor has their own privacy practices. We choose ones with strong privacy track records.

Depending on where you live, you may have these rights:

• Access: Download all your data as JSON at /settings/account → Export your data
• Deletion: Request account deletion at /settings/account. 30-day grace, then permanent.
• Correction: Edit your name, bio, handle anytime in settings
• Portability: Your export includes machine-readable JSON
• Withdraw consent: stop using Vibie and request deletion

For EU users (GDPR): you can also file complaints with your local data protection authority.

For Korean users (PIPA): we comply with the Personal Information Protection Act. Contact our DPO at hello@vibie.io.

Active account: we keep your data as long as you use Vibie.

Deletion request: cleaned up after the 30-day grace window. Some operational logs retained 90 days for security.

Reports: retained 12 months after resolution for accountability.

Billing records (when applicable): retained per tax law (Korea: 5 years).

Vibie is not for users under 14. We don't knowingly collect data from children. If you believe a child has signed up, email hello@vibie.io and we'll remove the account.

We use industry-standard practices: HTTPS everywhere, encrypted database connections, secure secrets management, principle-of-least-privilege admin access.

No system is perfectly secure. If we discover a breach affecting you, we'll notify you within 72 hours.

We'll update this policy when our practices change. Material changes are announced via email and on this page at least 14 days in advance.