Home

Privacy Policy

Last updated: February 2026

1. Introduction

VibeGen ("we", "us", "our") operates the vibegen.eu website and related services. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable EU/Lithuanian data protection laws.

By using VibeGen, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, profile preferences (skill level, interests, industries), and authentication data (via email/password or OAuth providers).
  • Generated content: project ideas, PRDs, implementation tasks, market research results, and validation data you create using our AI tools.
  • Credit transactions: records of credit purchases, subscription changes, and credit usage for AI operations.
  • Usage analytics: pages visited, features used, session duration, and interaction patterns (only with consent for non-essential cookies).
  • Technical data: IP address, browser type, device information, and locale preferences.

3. How We Use Your Data

  • Service operation: to provide, maintain, and improve VibeGen, including authentication, profile management, and content delivery.
  • AI generation: to send your prompts and preferences to AI providers for generating ideas, PRDs, tasks, research, and validations. Your data is sent only as needed for generation and is not used to train third-party AI models.
  • Payment processing: to manage subscriptions, credit purchases, and billing through our payment processor.
  • Analytics: to understand usage patterns and improve the product (only with your consent).
  • Communications: to send transactional emails (account verification, password reset) and optional weekly digest emails if you opt in.

4. Third-Party Services

We share data with the following third-party processors, each under their own privacy policies and data processing agreements:

  • Supabase — database hosting, authentication, and file storage. Data stored in EU-region servers.
  • Stripe — payment processing. We do not store your full credit card details; Stripe handles all payment data under PCI DSS compliance.
  • Anthropic — AI content generation. Your prompts and context are sent for processing. Anthropic does not use API inputs to train models.
  • OpenAI — AI validation and embeddings. Inputs sent via API are not used for model training under our API agreement.
  • Vercel — application hosting and edge delivery.
  • Resend — transactional and digest email delivery.
  • Google Analytics — website usage analytics with Google Consent Mode v2. Collects anonymized, cookieless usage data by default. Full analytics data (with cookies) is only collected with your explicit consent.
  • Meta (Facebook) Pixel — conversion tracking for advertising optimization. Only activated when you accept non-essential cookies via the consent banner.
  • Microsoft Clarity — heatmaps and session recordings for understanding user interaction patterns. Only activated when you accept non-essential cookies.

5. Data Retention

  • Active accounts: your data is retained for as long as your account is active.
  • Deleted accounts: when you request account deletion, we enter a 30-day grace period during which you can contact support to reverse the deletion. After 30 days, all personal data, generated content, and transaction history are permanently deleted.
  • Anonymized analytics: aggregated, non-identifiable usage statistics may be retained indefinitely for product improvement.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of all personal data we hold about you. Use the "Export My Data" feature in Settings.
  • Right to rectification: you can update your profile information at any time through Settings.
  • Right to erasure: you can delete your account and all associated data through Settings. Deletion is permanent after the 30-day grace period.
  • Right to data portability: you can export your data in JSON format using the "Export My Data" feature.
  • Right to object: you can opt out of non-essential cookies and analytics at any time.
  • Right to restrict processing: contact us to request restriction of certain data processing activities.

7. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication, session management, locale preferences, and cookie consent storage. These cannot be disabled.
  • Analytics cookies (optional): used to understand how visitors interact with VibeGen. These include Google Analytics 4 (with Consent Mode v2), Meta Pixel, and Microsoft Clarity cookies. These are only set if you accept non-essential cookies via the consent banner. Google Analytics may collect limited, cookieless measurement data even without consent, in compliance with Google Consent Mode v2.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), row-level security in our database, and secure authentication flows. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Contact Information

For any questions about this privacy policy or to exercise your data rights, contact us at:

Email: labas@ponasobuolys.lt

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Your continued use of VibeGen after changes constitutes acceptance of the updated policy.

View Terms of Service

We use cookies

We use essential cookies for authentication and preferences. Analytics cookies help us improve VibeGen. Privacy Policy