Privacy Policy

Last updated: January 22, 2026

Vibe Coded LLC ("vibe-coded.ai," "Vibe Coded," "we," "us," or "our") provides a platform that enables users to create, deploy, and host web applications ("vibes") with built-in AI capabilities (the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Services.

If you do not agree with this Privacy Policy, please do not use the Services.

1. Who This Policy Applies To

This Privacy Policy applies to:

  • Visitors to our website
  • Account holders and authorized users who create and manage vibes ("Customers")
  • End users who interact with a Customer's deployed vibe ("End Users"), to the extent we process data on behalf of the Customer

Age requirement

Our Services are not intended for users under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us at privacy@vibe-coded.ai and we will take steps to delete it.

2. Key Definitions

  • "Personal Information" (or "Personal Data") means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identifiable individual or household.
  • "Customer Content" means code, files, prompts, configuration, text, and other content that Customers or their authorized users create, upload, store, or submit to the Services, including content contained in a vibe.
  • "Service Data" means operational and technical information about how the Services are accessed and used (for example: logs, device/browser data, billing events, security telemetry, and aggregated usage metrics).
  • "Processing" means any operation performed on information, such as collecting, storing, using, disclosing, or deleting it.

3. Roles: When We Are a Controller vs. a Processor

Privacy laws often distinguish between:

  • Controllers (who decide "why" and "how" data is processed), and
  • Processors (who process data on behalf of a controller).

When we act as a controller

We act as a controller when we process Personal Information to:

  • Create and administer accounts
  • Operate and secure the platform
  • Process payments and manage subscriptions
  • Communicate with you about your account and the Services
  • Comply with legal obligations

When we act as a processor

When a Customer deploys a vibe that collects or processes Personal Information about End Users, the Customer is typically the controller, and vibe-coded.ai is a processor to the extent we host and process that data on the Customer's behalf.

If you are an End User of a Customer's vibe and have privacy questions about that vibe's data practices, you should contact the Customer who operates the vibe.

4. Information We Collect

4.1 Information you provide to us

We collect information you provide directly, including:

  • Account information (e.g., name, email address, login credentials)
  • Billing information (e.g., subscription tier and payment status; payment card details are handled by our payment processor and are not stored by us)
  • Customer Content (e.g., vibes, code, stored data, prompts and inputs you submit through the platform)
  • Communications (e.g., emails you send to us with questions, feedback, or requests)

4.2 Information we collect automatically

When you use the Services, we automatically collect:

  • Usage data (e.g., pages visited, features used, actions taken, build/deploy events)
  • Device and browser data (e.g., browser type, operating system, device identifiers)
  • Log data (e.g., IP address, access times, referring URLs, error logs)
  • Cookie and similar technology data (see Section 12)

4.3 Information from third parties

We may receive information from third parties such as:

  • Payment status and subscription events from our payment processor (Stripe)
  • Delivery and engagement metadata for transactional emails sent via our email service provider (Resend)
  • Error and performance diagnostics from monitoring tools (Sentry)

4.4 Information processed within Customer-deployed vibes

A Customer's deployed vibe may process Personal Information about End Users, depending on what the Customer builds (e.g., login forms, contact forms, user-generated content). We host the vibe and may process that data to provide the Services, but the Customer controls what their vibe collects and how it is used.

5. How We Use Information

We use Personal Information and Service Data to:

  • Provide and operate the Services, including creating accounts, hosting and serving vibes, and enabling storage and runtime functionality
  • Authenticate users and maintain account sessions
  • Process subscriptions and payments
  • Send transactional communications, such as verification emails, security alerts, billing notices, and important platform updates
  • Monitor, debug, and improve the Services, including troubleshooting errors and improving reliability and performance
  • Protect the Services, including detecting, preventing, and investigating fraud, abuse, security incidents, and violations of our Terms
  • Comply with legal obligations and respond to lawful requests

We do not use your code or vibes to train our own AI models.

6. Legal Bases for Processing (EEA/UK/Switzerland)

If you are located in the EEA, UK, or Switzerland, we process Personal Information only when we have a valid legal basis, including:

  • Contract performance (to provide the Services you request)
  • Legitimate interests (to secure, maintain, and improve the Services, prevent fraud and abuse, and support operations)
  • Consent (for optional features or communications where required by law)
  • Legal obligation (to comply with accounting, tax, and other legal requirements)

Where we rely on legitimate interests, you may object by contacting privacy@vibe-coded.ai.

7. AI Features and Third-Party AI Providers

Some features of the Services allow you to interact with AI capabilities. When you use these features, certain inputs (which may include prompts and relevant Customer Content) may be transmitted to an AI provider for processing and to generate outputs.

Current AI Provider:

  • Anthropic PBC (Claude API)

We do not control third-party AI providers' independent data practices. Please review their policies for details:

Important note about connecting external AI clients (e.g., Claude app)

Some vibes may support the Model Context Protocol (MCP) and may be accessed by third-party AI clients. If you choose to connect an external AI client to a vibe, your interactions may be subject to that third party's terms and privacy practices in addition to this Privacy Policy.

8. Third-Party Service Providers (Sub-processors)

We use trusted third-party service providers to help operate the Services. These providers may process Personal Information only as necessary to provide services to us.

  • Cloudflare, Inc. – infrastructure, hosting, content delivery, and security services
  • Stripe, Inc. – payment processing (payment card details are transmitted directly to Stripe and not stored by us)
  • Anthropic PBC – AI features (Claude API)
  • Resend (Plus Five Five, Inc.) – email delivery (transactional messages such as verification, security, and billing emails)
  • Sentry – error monitoring and diagnostics (to help us detect and fix bugs and reliability issues)

Links to vendor policies (for convenience):

9. How We Share Information

We do not sell your Personal Information.

We may share or disclose information only in the following circumstances:

  • With service providers listed in Section 8 to operate the Services
  • For legal compliance (e.g., to respond to lawful requests, court orders, or to meet regulatory obligations)
  • To protect rights and safety (e.g., to investigate and prevent fraud, abuse, security incidents, or violations of our Terms)
  • Business transfers (e.g., merger, acquisition, financing, bankruptcy, or sale of assets; information may be transferred as part of that transaction)
  • With your direction or consent (e.g., if you connect third-party services or integrations you choose)

We may also share aggregated or de-identified information that cannot reasonably be used to identify you.

10. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Security measures may include:

  • Encryption in transit (TLS) for data transmitted to and from the Services
  • Secure credential handling (passwords stored using one-way hashing; we cannot recover your password)
  • Access controls designed to restrict access to authorized personnel and systems
  • Monitoring and logging to help detect and respond to suspicious activity

No method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for activity under your account.

11. Data Retention

We retain Personal Information only as long as reasonably necessary to provide the Services and for legitimate business purposes such as security, dispute resolution, and legal compliance.

Typical retention periods include:

  • Account and platform data: retained while your account is active; after termination or deletion requests, we may retain data for up to 30 days for account recovery and export requests (where applicable)
  • Vibe content: retained until you delete it or close your account (subject to short post-deletion retention for recovery/export)
  • Payment and transaction records: retained for up to 7 years for tax and financial compliance
  • Log data: retained for up to 90 days for security, debugging, and fraud prevention
  • Backups: deleted data may persist in backups for up to 90 days before being overwritten or permanently deleted

We may retain information longer where required by law or where needed to establish, exercise, or defend legal claims.

12. Cookies and Tracking

We use essential cookies and similar technologies to operate the Services, such as for authentication and session management.

Essential cookies

Example:

Cookie Purpose Duration
vc_session Authentication and session management Session (or up to 30 days if "Remember Me" is selected)

No advertising / analytics cookies

We do not use third-party advertising or analytics cookies.

Do Not Track

Our Services do not respond to "Do Not Track" (DNT) signals because we do not track you across unrelated websites.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. Because we rely on infrastructure providers with global networks, data may be processed in multiple locations.

Where required, we rely on lawful transfer mechanisms such as Standard Contractual Clauses or other valid safeguards.

14. User-Deployed Applications ("Vibes")

When you deploy a vibe on our platform, that vibe may collect Personal Information from its End Users depending on how you build it. Customers are responsible for:

  • Providing appropriate privacy notices to End Users
  • Obtaining any required consents
  • Complying with applicable privacy and data protection laws for their vibe's data practices

vibe-coded.ai is not responsible for the privacy practices of user-deployed vibes. However, we may review or remove vibes that violate our Terms or applicable law.

15. Your Privacy Rights

Depending on your location, you may have rights regarding your Personal Information. These may include:

15.1 All users (where applicable)

  • Access: request a copy of your Personal Information
  • Correction: request correction of inaccurate information
  • Deletion: request deletion of your account and Personal Information
  • Portability: request export of your data (where available)
  • Marketing opt-out: unsubscribe from promotional emails (if any) via the link in the message

15.2 EEA/UK/Switzerland (GDPR) additional rights

  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local supervisory authority

15.3 U.S. state privacy rights (including California)

Depending on your state of residence, you may have rights to:

  • Know what categories of Personal Information we collect and disclose
  • Access, delete, and correct Personal Information
  • Opt out of "sale" or "sharing" of Personal Information (we do not sell or share as defined under many state laws)
  • Appeal certain decisions regarding your requests (where required)

16. California Privacy Notice (CCPA/CPRA)

Categories of Personal Information we collect

Depending on how you use the Services, we may collect:

  • Identifiers (name, email, IP address, account identifiers)
  • Commercial information (subscription tier, billing status, transaction records)
  • Internet/network activity (usage data, logs, device and browser data)
  • Customer Content (code, prompts, configuration, data you store in vibes)
  • Approximate location (derived from IP address)

Purposes

We collect and use this information for the purposes described in Section 5.

Sale or sharing

We do not sell Personal Information and do not "share" Personal Information for cross-context behavioral advertising.

Retention

See Section 11.

Exercising California rights

See Section 17.

17. How to Exercise Your Rights

To exercise your privacy rights, contact us at privacy@vibe-coded.ai with:

  • Your name and the email address associated with your account (if applicable)
  • The specific request you are making (access, deletion, correction, portability, etc.)

We will take reasonable steps to verify your identity (for example, by sending a confirmation link to your registered email address). We generally respond within 30 days (or as otherwise required by applicable law).

18. Third-Party Links and Services

The Services may contain links to third-party sites or services. We are not responsible for the privacy practices of third parties. Please review their policies before providing information to them.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If changes are material, we may provide additional notice through the Services or by email.

20. Contact Us

For questions about this Privacy Policy or privacy requests: