Privacy Policy

VibecodeAEO ("we", "us") respects your privacy. This policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

Information you give us

• Account data: your business email, display name, password (stored hashed), referral code, profile type selection.
• Workspace data: the website URLs, brand names, keywords, competitor lists, and custom prompts you submit.
• Payment data: handled by our payment processor (Stripe). We never store full card numbers on our servers — only a customer identifier and the last four digits of the card.
• Support communications: messages you send to [email protected].

Information collected automatically

• Usage data: scans run, features used, credits consumed, timestamps, IP address, browser type, device info, and referring URL.
• Cookies: session cookies to keep you logged in, and essential localStorage entries to remember your preferences (dashboard mode, action checklists). See our Cookie Policy.

2. How We Use Your Information

• To provide, operate, and improve the Service.
• To run AI scans on your behalf by sending prompts to third-party AI providers (OpenAI, Google Gemini, Perplexity).
• To process payments and manage subscriptions.
• To send you essential account emails (verification, receipts, password resets, scheduled scan results) and — if you have opted in — product updates and marketing emails.
• To detect and prevent abuse, fraud, and security incidents.
• To comply with legal obligations.

3. Legal Basis (GDPR)

• Contract: to provide the Service you signed up for.
• Legitimate interests: to secure the Service, prevent fraud, and improve it.
• Consent: for marketing emails and non-essential cookies. You can withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, and other laws.

4. Third-Party Processors

We share minimum-necessary data with trusted service providers:

• OpenAI, Google (Gemini), Perplexity — to generate AI responses. Prompts include the brand/URL/keywords you enter but do not include your email address.
• Stripe — payment processing (subject to Stripe's privacy policy).
• Resend — transactional email delivery.
• Replit / Neon — cloud hosting and managed PostgreSQL.

We do not sell your personal data to advertisers.

5. Data Retention

We retain account data while your account is active and for up to 90 days after deletion (to honor refund, audit, and legal obligations), after which it is permanently removed. Aggregated, de-identified analytics may be kept longer.

6. Your Rights

Depending on where you live, you may have the right to:

• Access, correct, or delete your personal data.
• Export your data in a portable format (available in your account settings).
• Object to or restrict certain processing.
• Opt out of marketing emails via the unsubscribe link in every marketing email.
• Lodge a complaint with your local data protection authority.

To exercise these rights, use the tools in your account settings or email [email protected].

7. International Transfers

Your data may be processed in countries other than where you live, including the United States and the European Union. We rely on standard contractual clauses and the safeguards of our processors to protect international transfers.

8. Security

We use TLS encryption in transit, password hashing (bcrypt), and role-based access controls. No system is 100% secure — you use the Service at your own risk. Report security concerns to [email protected].

9. Children

The Service is not intended for children under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, email us and we will delete it.

10. Changes

We may update this policy. Material changes will be announced via email or in-app notification.

11. Contact

Questions or privacy requests? [email protected].