Privacy Policy

Last Updated: December 23, 2024

1. Introduction

Welcome to VibeBase. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Backend as a Service platform.

By using VibeBase, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password (encrypted)
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
  • User Data: Any data you store in tables through our API
  • Communications: Messages you send to our support team

2.2 Information Automatically Collected

  • Usage Data: API calls, request timestamps, response times
  • Device Information: IP address, browser type, operating system
  • Cookies: Session cookies for authentication (via Clerk)
  • Log Data: Access logs, error logs, security logs

2.3 Third-Party Data

We use third-party services that may collect information:

  • Clerk: Authentication and user management
  • Stripe: Payment processing
  • Cloudflare: Hosting and content delivery
  • Sentry: Error tracking and monitoring (optional)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Process API requests, store your data, manage your account
  • Authentication: Verify your identity and secure your account
  • Billing: Process payments and manage subscriptions
  • Improve the Service: Analyze usage patterns and optimize performance
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Enforce rate limits and terms of service
  • Communication: Send service updates, security alerts, and support responses
  • Legal Obligations: Comply with applicable laws and regulations

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored on Cloudflare's global infrastructure, which includes data centers worldwide. We use Cloudflare D1 (SQLite) databases for structured data and Cloudflare Workers for compute.

4.2 Security Measures

  • All data transmission is encrypted using TLS/SSL (HTTPS)
  • API keys are generated with cryptographic randomness
  • Passwords are hashed and never stored in plain text (via Clerk)
  • Access to data is authenticated and rate-limited
  • Regular security audits and monitoring
  • Automatic DDoS protection via Cloudflare

4.3 Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • All your data is permanently deleted within 30 days
  • Backup copies are deleted within 90 days
  • Some metadata may be retained for legal compliance
  • We recommend exporting your data before account deletion

5. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We share data with trusted third parties who help us operate the Service:

  • Clerk: Authentication services
  • Stripe: Payment processing
  • Cloudflare: Infrastructure and hosting
  • Sentry: Error monitoring

5.2 Legal Requirements

We may disclose your information if required to:

  • Comply with a legal obligation or court order
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the safety of users or the public

5.3 Business Transfers

If VibeBase is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing of your data
  • Withdraw Consent: Revoke consent at any time

To exercise these rights, please contact us at privacy@vibebase.app

6.1 How to Access or Delete Your Data

  • Access your data through the dashboard at any time
  • Export data using the API or dashboard export feature
  • Delete your account through dashboard settings
  • Contact support for assistance with data requests

7. Cookies and Tracking

We use cookies and similar tracking technologies to track activity and store certain information:

7.1 Essential Cookies

  • Authentication: Keep you logged in (via Clerk)
  • Security: Protect against fraud and abuse
  • Session Management: Remember your preferences

7.2 Analytics Cookies

We may use analytics to understand how users interact with the Service. You can opt out of analytics tracking through your browser settings.

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Cloudflare operates a global network, and your data may be stored on servers in various locations.

We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovering the breach.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Our lawful basis for processing includes: contract performance, legal obligations, consent, and legitimate interests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

By using VibeBase, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

← Back to Home