Privacy Policy

Last Updated: November 26, 2025

1. Introduction

Vibe with AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our thumbnail generation service ("the Service").

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and Portuguese data protection laws (Lei n.º 58/2019).

2. Data Controller

The data controller responsible for your personal data is:

Vibe with AI
Nikolas Jaeger

For inquiries regarding data protection, please use the contact form at the bottom of this page.

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, password (encrypted), and username
  • Payment Information: Billing name, payment method details (processed by Stripe)
  • Content You Create: Text prompts, uploaded images, and generated thumbnails
  • Communications: Messages you send to our support team

3.2 Information Collected Automatically

  • Usage Data: Number of thumbnails generated, features used, subscription tier
  • Device Information: Browser type, operating system, IP address
  • Log Data: Access times, pages viewed, error logs
  • Cookies: Session cookies for authentication and preferences

3.3 Information from Third Parties

  • Payment Processor (Stripe): Payment status, transaction information
  • Authentication Service (Supabase): Account verification data
  • AI Service Provider (Google Gemini): Image generation requests and responses

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing is necessary to perform our contract with you, including providing the Service, managing your account, and processing payments.

4.2 Legitimate Interests

We process data to improve our Service, ensure security, prevent fraud, and communicate service updates.

4.3 Consent

For certain processing activities, such as marketing communications, we will obtain your explicit consent.

4.4 Legal Obligations

We may process data to comply with legal requirements, such as tax obligations and responding to lawful requests from authorities.

5. How We Use Your Information

We use your information for the following purposes:

  • Providing and maintaining the Service
  • Processing your payments and managing subscriptions
  • Generating AI-powered thumbnails based on your requests
  • Authenticating your identity and securing your account
  • Communicating with you about the Service, including updates and support
  • Analyzing usage patterns to improve the Service
  • Enforcing our Terms of Service and preventing fraud
  • Complying with legal obligations
  • Sending marketing communications (with your consent)

6. Data Sharing and Disclosure

We share your information only in the following circumstances:

6.1 Service Providers

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Supabase: Database hosting and authentication
  • Google Gemini: AI image generation

These providers are contractually obligated to protect your data and use it only for the specified purposes.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6.4 With Your Consent

We may share your information for other purposes with your explicit consent.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located.

We ensure that such transfers comply with GDPR requirements through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection standards
  • Service providers' compliance with appropriate safeguards

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Until you delete your account, plus 30 days for backup retention
  • Generated Content: According to your subscription tier (30-90 days, or unlimited for Studio)
  • Payment Records: 7 years to comply with tax and accounting regulations
  • Log Data: 90 days for security and troubleshooting purposes
  • Marketing Communications: Until you unsubscribe

After the retention period, we securely delete or anonymize your data.

9. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of your personal data we hold.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

9.4 Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances.

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD):

Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134, 1º
1200-651 Lisboa, Portugal
Tel: +351 213 928 400
Email: geral@cnpd.pt
Website: www.cnpd.pt

Exercising Your Rights

To exercise any of these rights, please contact us using the contact form below. We will respond to your request within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure password storage using industry-standard hashing
  • Regular backups and disaster recovery procedures
  • Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use the Service (with consent)

11.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

12. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

13. Automated Decision-Making

We use AI technology to generate thumbnails based on your inputs. This automated processing does not involve decisions that produce legal effects or similarly significantly affect you. You have the right to request human review of any AI-generated content.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on the Service and updating the "Last Updated" date. For significant changes, we will provide more prominent notice, including email notification where required by law.

Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

15. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

16. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, including data protection inquiries, please contact us:

17. Additional Information for EU Users

This Privacy Policy has been designed to comply with GDPR requirements. EU users benefit from the protections afforded by GDPR, including the rights outlined in Section 9 of this policy.

For Portuguese users, our data processing practices comply with Lei n.º 58/2019 (Lei de Proteção de Dados Pessoais) and are supervised by the CNPD.