Privacy Policy

We use cookies and similar technologies to provide essential site functionality (necessary cookies) and, with your consent, to remember your preferences, analyze how the Service is used (analytics cookies), and offer personalized content or communications (marketing cookies). Analytics and marketing cookies are used only with your prior consent. You can manage your preferences at any time via the cookie banner or in your account settings.

Vybe ("we", "us", or "our") operates an AI-powered media generation platform. This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Data Controller Information

For GDPR purposes, VYBE LTD is the data controller responsible for your personal data. Our registered office is located in Bulgaria (address to be confirmed before launch). We have appointed a Data Protection Officer who can be reached at dpo@vybe.com.

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

Contract Performance

We process data necessary to:

• Create and manage your account
• Provide AI generation services you request
• Process credit purchases and transactions
• Deliver customer support

Legitimate Interests

We process data based on our legitimate interests, balanced against your rights, to:

• Improve and optimize our Service
• Ensure platform security and prevent fraud
• Conduct analytics and understand usage patterns
• Send service-related communications
• Enforce our Terms of Service

Consent

We obtain your explicit consent to:

• Send marketing communications (you can opt-out anytime)
• Use non-essential cookies for analytics and personalization
• Process voice recordings for transcription
• Share your public content in galleries and social features

Legal Obligations

We process data when required by law to:

• Comply with court orders and legal processes
• Respond to government and law enforcement requests
• Maintain financial and tax records
• Report suspected illegal activities

Vital Interests

In rare cases, we may process data to protect vital interests, such as preventing imminent physical harm.

Personal Information

When you register for an account, we collect:

• Email address (required for account creation)
• Username (chosen by you)
• Display name (optional)
• Profile picture (optional)
• Bio and website information (optional)
• Password (encrypted and never stored in plain text)

OAuth/Social Login Information

When you sign in using Google or Facebook OAuth, we receive and collect:

• Your email address from the OAuth provider
• Your name (if provided by the OAuth provider)
• Your profile picture URL (if available)
• A unique identifier from the OAuth provider

Generated Content

We collect and store:

• Text prompts you submit for AI generation
• Voice recordings are processed solely for transcription and deleted immediately after processing. We do not use voice data for identification, profiling, or model training without your explicit opt-in consent
• Generated images and videos
• Your interaction data (likes, comments, follows, shares)
• Privacy settings for your content
• Metadata about generation (timestamps, settings used, credits consumed)

Usage Data

We automatically collect:

• IP address and location information
• Browser type and version
• Pages visited and time spent on our Service
• Device information and operating system
• Referral sources
• Usage patterns and feature interactions

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns
• Provide personalized content recommendations
• Improve our Service functionality

We use the collected information for various purposes:

• Service Provision: To provide, maintain, and improve our AI generation services
• Account Management: To create and manage your user account
• Content Generation: To process your prompts and generate AI content
• Social Features: To enable interactions with other users and content discovery
• Personalization: To provide personalized content recommendations
• Communication: To send important updates, notifications, and promotional content
• Security: To detect and prevent fraud, abuse, and security threats
• Analytics: To understand usage patterns and improve our services
• Legal Compliance: To comply with legal obligations and protect our rights

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

Public Information

• Content you mark as "public" is visible to all users
• Your username, display name, and profile picture are visible to other users
• Your public activity (likes, comments, follows) is visible to other users

Service Providers

• AI model providers (OpenAI, Groq, Kie.ai) for content generation
• Cloud storage providers (AWS S3) for file storage
• Payment processors (Stripe) for handling transactions
• Analytics services (Google Analytics) for usage analysis
• Email services for notifications and communications

Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Law enforcement requests
• Protection of our rights and property
• Prevention of fraud or abuse
• Protection of user safety

Cookies are small text files stored on your device. We categorize cookies as:

• Necessary: required for core functionality such as authentication, security, and load balancing.
• Preferences: remember choices like language or UI settings.
• Analytics: help us understand how the Service is used to improve performance and features.
• Marketing: enable personalized content or communications.

We will only use non-necessary cookies (preferences, analytics, marketing) with your consent. You can withdraw consent at any time by updating your cookie preferences.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Specific Retention Periods

• Account Information: Retained until account deletion
• Generated Content: Retained until you delete it or close your account
• Usage Data: Retained for operational and security purposes, and deleted upon account closure or upon request
• Voice Recordings: Deleted immediately after transcription (special category data)
• Payment Data: We do not store full payment card details; Stripe processes them on our behalf. Transaction records retained for 7 years per financial regulations
• Support Communications: Retained for up to 3 years

You have the following rights regarding your personal information:

Access and Portability

• Request a copy of all personal data we have about you
• Download your content and data in a structured format
• Access your account information through your profile settings

Correction and Updates

• Update your profile information at any time
• Correct inaccurate information
• Update your communication preferences

Deletion

• Delete individual pieces of content you've created
• Delete your entire account and associated data
• Request removal of specific personal information

Privacy Controls

• Set privacy levels for your content (Private by default, Public only by your choice)
• Control who can follow you and interact with your content
• Manage notification preferences
• Opt out of promotional communications

Restriction and Objection

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Object to direct marketing at any time
• Withdraw consent where processing is based on consent

Response Time

We respond to data subject requests within one month of receipt, as required by GDPR.

Age Requirements

Our Service is strictly for users who are 16 years old or older. Users under 18 must have parental permission.

We do not knowingly collect or solicit personal information from anyone under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that an account belongs to someone under 16, we will restrict access and delete the data without undue delay. Users aged 16-17 must have parental consent.

Age Verification

We verify user age through:

• Mandatory self-declaration during account registration
• Verification through payment methods (with parental consent if under 18)
• Automated detection systems for suspicious age-related patterns
• Manual review when age discrepancies are detected
• Temporary restriction of accounts while we verify age information

Underage User Detection

If we become aware that we have collected personal information from children under the applicable age without proper consent, we will:

• Immediately suspend the account
• Delete all personal information and generated content
• Notify the email address associated with the account
• Implement additional measures to prevent re-registration

If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately at privacy@vybe.com.

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.

We ensure that such transfers are subject to appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPA) with all sub-processors
• Participation in the EU–US Data Privacy Framework (where applicable)
• Adequacy decisions by regulatory authorities
• Your explicit consent where required

Information about our sub-processors and data recipients, including their purpose, location, and legal transfer mechanisms, is available upon request by contacting our privacy team at privacy@vybe.com.

Our Service integrates with third-party services that have their own privacy policies:

AI Services

• OpenAI: For prompt enhancement and content moderation
  Data shared: Text prompts, generated content for moderation
  Purpose: Enhance user prompts, detect policy violations
• Groq: For voice-to-text transcription
  Data shared: Voice recordings (deleted after processing)
  Purpose: Convert speech to text for prompt generation
• Kie.ai: For image and video generation
  Data shared: Enhanced prompts
  Purpose: Generate AI images and videos

Infrastructure Services

• Amazon Web Services (AWS): For cloud storage and hosting
  Data shared: All user content and application data
  Purpose: Store and serve content, host application
• PostgreSQL: For primary data storage
  Data shared: User accounts, content metadata, social interactions
  Purpose: Store structured application data
• Redis: For caching and session management
  Data shared: Session data, temporary cache
  Purpose: Improve performance and manage user sessions
• BullMQ: For background job processing
  Data shared: Generation requests, processing tasks
  Purpose: Queue and process AI generation requests
• Stripe: For payment processing
  Data shared: Payment information, transaction details
  Purpose: Process credit purchases securely
• Resend: For email communications
  Data shared: Email addresses, notification content
  Purpose: Send account notifications and updates
• Google Analytics: For usage analytics (only with your prior consent)
  Data shared: Anonymized usage data with IP anonymization enabled
  Purpose: Understand and improve user experience
• Sentry: For error tracking
  Data shared: Error logs, stack traces (sanitized)
  Purpose: Monitor and fix application errors

We encourage you to review the privacy policies of these third-party services to understand how they handle your data. We ensure all third-party services we use are GDPR compliant and have appropriate data processing agreements in place.

Automated Decisions

We use automated systems that may make decisions affecting you:

• Content Moderation: AI systems automatically detect and may remove content that violates our policies
• NSFW Detection: Automated tagging of potentially adult content
• Fraud Prevention: Automated systems detect and prevent fraudulent credit purchases
• Recommendation Algorithms: Personalized content suggestions based on your activity
• Spam Detection: Automated filtering of spam comments and messages

Your Rights

We do not make decisions producing legal effects or similarly significantly affecting you based solely on automated processing. Under GDPR, you have the right to:

• Request human review of automated decisions
• Express your point of view about automated decisions
• Contest decisions that significantly affect you
• Opt-out of profiling for marketing purposes

Profiling

We may create profiles based on your usage to:

• Provide personalized content recommendations
• Improve our services (we do not use your prompts or outputs to train our models by default - you can opt-in to help improve our services in Settings)
• Detect unusual account activity
• Customize your experience

You can request to view your profile data or opt-out of certain profiling activities in your account settings or by contacting dpo@vybe.com.

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Sending you an email notification
• Displaying a prominent notice on our Service

We will update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

Our Commitment

We take data security seriously and have implemented measures to prevent data breaches. However, in the unlikely event of a breach, we have procedures in place to respond quickly and transparently.

Breach Detection and Response

Our breach response procedure includes:

• Continuous monitoring for security incidents
• Immediate investigation upon detection
• Assessment of risk to affected individuals
• Containment and remediation measures
• Documentation of the incident and response

User Notification

We will notify the competent supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and:

• Provide details about what data was affected
• Explain the potential consequences
• Describe measures we've taken to address the breach
• Recommend steps you can take to protect yourself
• Provide contact information for further questions

Regulatory Notification

We will notify relevant supervisory authorities as required by law, including the Bulgarian Commission for Personal Data Protection for GDPR compliance.

If you have any questions about this Privacy Policy, your data, or your rights, please contact us at:

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for:

• Overseeing our data protection strategy and implementation
• Ensuring compliance with GDPR and other data protection laws
• Serving as the point of contact for data subjects and supervisory authorities
• Conducting privacy impact assessments
• Training staff on data protection requirements
• Monitoring and auditing our data processing activities

You can contact our DPO directly at dpo@vybe.com for any privacy-related concerns or to exercise your data protection rights.

European Users

If you are located in the European Union, you also have the right to lodge a complaint with your local data protection authority.

Bulgaria Supervisory Authority: Commission for Personal Data Protection (CPDP), 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Email: commission@cpdp.bg, Phone: +359 2 915 3580, Website: cpdp.bg

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and sharing practices
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

We do not sell or share personal information as defined by the California Privacy Rights Act (CPRA).

To exercise these rights, contact us at privacy@vybe.com with your request and proof of California residency.

Some browsers offer a "Do Not Track" feature that lets you tell websites you do not want to have your online activities tracked. We currently do not respond to Do Not Track signals, but you can control tracking through your browser settings and our privacy controls.

Our Commitment to Transparency

We believe in being transparent about how we handle user data and content. We publish quarterly transparency reports that include:

• Number and types of government data requests received
• Number of accounts affected by government requests
• Content removal statistics by policy violation category
• Account suspension and termination statistics
• Appeal requests and outcomes
• DMCA takedown notices and counter-notices
• Data breach incidents (if any)
• Updates to our policies and practices

Access to Reports

Transparency reports are published on our website at vybe.com/transparency and are freely accessible to all users. Historical reports are maintained for at least 3 years.

Government Requests

When legally permitted, we notify users about government requests for their data. We challenge overly broad or unlawful requests and require valid legal process before disclosing user information.

Marketing Consent

We will only send you marketing communications if you have explicitly opted in. You can manage your communication preferences:

• During account registration (opt-in checkbox)
• In your account settings under “Communication Preferences”
• Via unsubscribe links in every marketing email
• By contacting us at privacy@vybe.com

Types of Communications

We may send you:

• Service Communications (Essential): Account updates, security alerts, policy changes - cannot be opted out
• Product Updates (Optional): New features, tips, tutorials - requires consent
• Promotional Offers (Optional): Special offers, discounts, events - requires consent
• Community Digest (Optional): Popular content, trending creators - requires consent

Frequency and Control

We respect your inbox. Marketing emails are limited to a reasonable frequency (typically no more than 2-3 per week). You can adjust frequency preferences or unsubscribe at any time without affecting your account.