Back to Vibeland

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Vibeland ("we," "us," or "our") operates the Vibeland platform at vibeland.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

  • Email address (required for registration)
  • Display name and avatar (optional)
  • OAuth provider data if you sign in with Google or GitHub

2.2 Content You Create

  • Prompts and instructions you submit for AI generation
  • Generated apps, artifacts, and source code
  • Canvas metadata (layout, title, description)
  • Characters, agents, and their configurations
  • Design systems and tokens
  • Files you upload (images, etc.)

2.3 Usage & Technical Data

  • Generation counts, token usage, and Spark transactions
  • Browser type, language, timezone, and device information
  • Error logs and crash reports (via Sentry, with personal data stripped)
  • IP addresses are processed server-side but not stored in error tracking

2.4 Location Data (Optional)

You may optionally enable location sharing to provide context for AI-generated apps. Location data is stored locally in your browser and is only sent during generation requests. You can disable this at any time.

2.5 Payment Information

Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or sensitive payment details on our servers.

2.6 Cookies & Local Storage

  • Authentication cookies (httpOnly, secure) — session management
  • CSRF token (httpOnly) — security protection
  • Locale cookie — language preference
  • Theme cookie — light/dark mode preference
  • localStorage — last canvas visited, onboarding state, location preference

3. How We Use Your Information

  • Generate interactive apps using AI models based on your prompts
  • Process payments and manage your Spark balance
  • Distribute creator earnings from marketplace sales
  • Display your published content in the App Store and Agent Marketplace
  • Send you service-related notifications (e.g., subscription changes)
  • Monitor and improve service stability (error tracking)
  • Enforce our Terms of Use and prevent abuse

4. Third-Party Services

We share data with the following third parties, strictly for the purposes described:

AI Model Providers (OpenAI, Google, Anthropic)

Your prompts and optional user context (language, timezone, location if enabled) are sent to AI providers to generate apps. We do not send your account details.

Stripe

Payment processing for subscriptions and Spark purchases. Subject to Stripe's Privacy Policy.

Supabase

Database hosting, authentication, and file storage infrastructure.

Sentry

Error monitoring and crash reporting. Authorization headers, cookies, and IP addresses are stripped before transmission.

Vercel

Application hosting and CDN delivery.

5. Data Security

  • All data is transmitted over HTTPS/TLS encryption
  • Authentication tokens are stored in httpOnly cookies (inaccessible to JavaScript)
  • CSRF protection on all mutating API endpoints
  • Row-Level Security (RLS) policies on all database tables
  • AI-generated app code runs in a sandboxed environment without access to auth tokens or API keys
  • API keys for third-party services are encrypted at rest in Supabase Vault

6. Data Retention & Deletion

Your content is retained as long as your account is active. When you delete your account, all associated data (canvases, artifacts, characters, agents, transactions) is permanently deleted via cascading deletion. Payment records may be retained by Stripe per their legal obligations.

You can delete individual canvases, artifacts, and uploaded files at any time through the app.

7. Your Rights

  • Access — View your data through the Account page
  • Correction — Update your profile information at any time
  • Deletion — Delete your account and all associated data
  • Portability — Export your generated app source code
  • Opt-out — Disable location tracking, control canvas visibility (public/private)

To exercise these rights or for any privacy inquiries, contact us at codefulteam@gmail.com.

8. Children's Privacy

Vibeland is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

9. International Data Transfers

Our services are hosted in the United States. If you access Vibeland from outside the US, your data may be transferred to and processed in the US. By using our service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at codefulteam@gmail.com.

Terms of UsePrivacy Policy