VibeCodeMaxVibeCodeMax

Privacy Policy — Vibe Code Max

Effective date: 2025-12-23

This Privacy Policy explains how Vibe Code Max ("Vibe Code Max", "we", "us") collects, uses, discloses, and protects information when you use our website and subscription service at https://vibecodemax.app (the "Service").

Vibe Code Max is operated by an individual sole proprietor based in the United Arab Emirates (UAE). For purposes of data protection laws (including the GDPR where applicable), we are the data controller for the personal information described in this Policy.

Contact: hello@vibecodemax.app

1) What we collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically when you use the Service, and (c) information from service providers you use to pay or authenticate.

A. Information you provide

  • Account information: email address and authentication data needed to create and access your account (managed through Supabase Auth).
  • Support communications: messages you send us (for example, bug reports and support requests), plus any information you choose to include in those messages.
  • Generator inputs: project configuration choices and any text you input into the generator to produce outputs.
  • Stored outputs: generated code and related artifacts that we store for re-download.

Important: Do not enter sensitive personal information, payment card details, government IDs, or other confidential data into generator inputs unless you are comfortable storing it in your project configuration and outputs. The Service is designed for software template generation, not for handling sensitive personal data.

B. Information collected automatically

  • Usage data: pages viewed, basic interaction events, referrer information, approximate location derived from IP (e.g., country/region), device/browser type, and timestamps.
  • Log and security data: IP address, request metadata, error logs, and security events used to maintain and protect the Service.
  • Cookies and similar technologies: we use limited cookies or similar technologies that are necessary for authentication and to keep you signed in. (See Section 6.)

C. Information from third parties

  • Payments (Stripe): Stripe processes payments and stores payment card details. We receive limited information such as subscription status, plan, billing period, invoices/receipts, and Stripe customer identifiers needed to provide the Service and handle billing support.
  • Authentication (Supabase Auth): we use Supabase Auth to authenticate users and manage sessions (e.g., sign-in, password reset, magic links where enabled).

2) How we use your information

We use your information to:

  • Provide and operate the Service, including account creation, authentication, generating boilerplates, storing your project configuration and generated code for re-download, and maintaining your subscription access.
  • Process billing and manage subscriptions, including handling refunds where applicable and responding to billing-related support.
  • Improve and maintain the Service, including troubleshooting, testing, analytics, and performance monitoring.
  • Provide customer support, respond to requests, and communicate about the Service.
  • Secure the Service, prevent fraud/abuse, and enforce our Terms of Service.
  • Comply with legal obligations, resolve disputes, and protect our rights.

3) Legal bases for processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or another region with similar legal requirements, we rely on the following legal bases:

  • Contract: to provide the Service you requested (account access, generation, storage, subscriptions).
  • Legitimate interests: to secure, maintain, and improve the Service; prevent fraud/abuse; and understand aggregate usage patterns (balanced against your rights).
  • Consent: where required for certain cookies or optional features.
  • Legal obligation: where we must comply with law (for example, tax and accounting obligations).

4) How we share information

We do not sell your personal information. We share information only as described below:

Service providers (processors)

We use trusted service providers to run the Service, including:

  • Supabase Auth (authentication and session management)
  • Stripe (payments and subscription management)
  • Plausible Analytics (website analytics)
  • Netlify (hosting and delivery of the website/app)
  • Google Cloud Storage (storage of generated outputs and related artifacts for re-download)

These providers process information on our behalf under their own privacy and security commitments and only as needed to provide their services to us.

Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • comply with law, regulation, legal process, or governmental request;
  • enforce our Terms of Service;
  • protect the security or integrity of the Service; or
  • protect the rights, property, or safety of users, the public, or us.

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and notice where required.

5) Data retention

We retain personal information only as long as necessary for the purposes described in this Policy.

  • Account, project configuration, and stored outputs: retained while your account is active. If you request account deletion, we will delete or anonymize your account data (including stored project configurations and stored outputs) within 60 days, unless we must retain certain information for legal or security purposes.
  • Billing records: we do not store payment card details. Stripe maintains payment details. We may retain minimal billing-related records (e.g., receipts, invoices, subscription status) as required for tax, accounting, fraud prevention, or dispute resolution.
  • Logs and security data: retained for a limited period necessary for security, troubleshooting, and abuse prevention, then deleted or aggregated.

6) Cookies and analytics

Authentication

We use essential cookies or similar technologies to maintain secure sessions and keep you signed in. These are required for the Service to work.

Analytics (Mixpanel)

We use Mixpanel to understand how visitors use our site. We use analytics to improve the Service and measure performance.

  • We do not use analytics for cross-site advertising.
  • We do not sell analytics data.
  • We do not use analytics to create profiles for behavioral advertising.

You can accept or reject analytics cookies in the cookie banner. Essential authentication cookies are always enabled.

If your browser blocks cookies, the Service may still work, but you may need to re-authenticate more frequently depending on your settings and the authentication flow.

Cookie preferences

You can change your cookie preferences at any time by clearing your browser cookies for this site and reloading the page to see the banner again.

7) International data transfers

We are based in the UAE, and our service providers may process information in other countries. This means your information may be transferred to and processed in jurisdictions outside your place of residence, including countries that may have different data protection laws.

Where required by law (for example, for transfers from the EEA/UK), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other valid transfer mechanisms to protect your information.

8) Your rights and choices

GDPR (EEA/UK)

If you are in the EEA/UK, you may have the right to:

  • access, correct, or delete your personal information;
  • object to or restrict certain processing;
  • request portability of your personal information; and
  • withdraw consent where we rely on consent.

You can exercise these rights by emailing hello@vibecodemax.app.

CCPA/CPRA (California)

If you are a California resident, you may have rights to:

  • know the categories and specific pieces of personal information we collect;
  • request deletion of personal information;
  • correct inaccurate personal information; and
  • opt out of the "sale" or "sharing" of personal information (as defined by California law).

We do not sell personal information and do not share personal information for cross-context behavioral advertising.

To make a request, email hello@vibecodemax.app. We may verify your request by confirming control of the account email address.

Categories collected (last 12 months):

  • Identifiers (e.g., email address, account IDs)
  • Internet or other electronic network activity (e.g., basic usage, logs)
  • Commercial information (e.g., subscription status, invoices/receipts)
  • Approximate geolocation (derived from IP at a country/region level)
  • User-provided content (project configurations and stored generated outputs)

Sources: you, your device/browser, and our service providers (Supabase, Stripe, Netlify, Plausible, Google Cloud Storage).

Business purposes: operating the Service, security, analytics, customer support, and billing.

PIPEDA (Canada)

If you are in Canada, you may have rights to access and correct your personal information and to challenge our compliance with applicable privacy principles. Contact hello@vibecodemax.app to request access or corrections.

General choices

  • Account settings: you may be able to update certain account information in your account settings.
  • Deletion: you can request account deletion by contacting hello@vibecodemax.app. We will delete your data within 60 days as described in Section 5.
  • Marketing emails: if we send marketing emails, you can opt out using the unsubscribe link or by contacting us. (Service/transactional emails may still be sent.)

9) Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. However, no system is 100% secure, and we cannot guarantee absolute security. You are responsible for protecting your account credentials and for keeping any generated code and secrets you deploy secure.

10) Children and teens

The Service is not directed to young children. Teens may use the Service with the permission and supervision of a parent or legal guardian.

If you believe a minor has provided personal information without appropriate permission, contact hello@vibecodemax.app, and we will take appropriate steps to delete the information.

11) Third-party links

The Service may link to third-party websites or services. Their privacy practices are governed by their own privacy policies, and we are not responsible for them.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on https://vibecodemax.app and update the effective date above. Your continued use of the Service after changes become effective means you accept the updated policy.

13) How to contact us

For privacy questions or to exercise your rights, contact:

Vibe Code Max

Email: hello@vibecodemax.app

Privacy Policy | VibeCodeMax