Privacy Policy

Last updated: May 9, 2026

1. What We Collect

We collect the minimum data necessary to provide the Service:

  • Account data: email address (used only for authentication)
  • Session data: the idea descriptions and conversation history you input
  • Usage data: how many vibe checks you have run this month
  • Billing data: Stripe customer ID and subscription status (we never store card numbers)

2. How We Use It

  • To authenticate you and maintain your session
  • To send your idea through our AI pipeline (Groq) and web search (Tavily)
  • To enforce monthly usage quotas and process payments
  • To improve the reliability and quality of the Service

We do not sell your data, use it for advertising, or share it with third parties other than the processors listed below.

3. Third-Party Processors

  • Supabase — database and authentication (EU data residency available)
  • Groq — AI language model for idea analysis
  • Tavily — web search for competitor discovery
  • Stripe — payment processing
  • Vercel — hosting and edge network

Each processor operates under their own privacy policies and data processing agreements.

4. Data Retention

Your session data is retained as long as your account is active, or until you delete it. You can delete individual sessions from within the app. Deleting your account removes all associated data within 30 days. Web search cache entries expire automatically after 7 days.

5. Cookies and Local Storage

We use HTTP-only cookies strictly for authentication (Supabase session tokens). We do not use tracking cookies or third-party analytics pixels. No advertising cookies are set.

6. Your Rights

Depending on your jurisdiction you may have rights to access, correct, delete, or export your personal data. To exercise any of these rights, email privacy@vibe-check.app. We will respond within 30 days.

7. Security

All data is encrypted in transit (TLS) and at rest. Server-side operations use a scoped service-role key that bypasses row-level security only for administrative operations (e.g., usage accounting). User data is isolated via Postgres RLS — a user can only read and write their own rows.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notice at least 14 days before they take effect.

10. Contact

Privacy questions? Email privacy@vibe-check.app.

← HomeTerms of Service