Vibeland

Privacy Policy

Last updated: May 14, 2026

1. Introduction

Vibeland ("we," "us," or "our") operates the Vibeland platform at vibeland.app, operated by Soyeon Noh (Business Registration No. 865-10-01647, Republic of Korea). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

  • Email address (required for registration)
  • Display name and avatar (optional)
  • OAuth provider data if you sign in with Google or GitHub

2.2 Content You Create

  • Prompts and instructions you submit for AI generation
  • Generated apps, artifacts, and source code
  • Canvas metadata (layout, title, description)
  • Characters and their configurations
  • Design systems and tokens
  • Files you upload (images, etc.)

2.3 Usage & Technical Data

  • Generation counts, token usage, and Spark transactions
  • Browser type, language, timezone, and device information
  • Error logs and crash reports (via PostHog, with personal data stripped)
  • IP addresses are processed server-side but not stored in error tracking

2.4 Location Data (Optional)

You may optionally enable location sharing to provide context for AI-generated apps. Location data is stored locally in your browser and is only sent during generation requests. You can disable this at any time.

2.5 Payment Information

Payments are processed by Paddle, our Merchant of Record. We store your Paddle customer ID and subscription status but never store credit card numbers or sensitive payment details on our servers. Paddle handles all payment processing, tax compliance, and invoicing on our behalf.

2.6 Photos from the Snapkit app

The Snapkit iPhone app (bundle ID app.codeful.vibeland.shortcuts) lets you take or pick a photo and run an AI shortcut on it. When you do:

  • The photo is transmitted from your device to our servers over an encrypted HTTPS connection.
  • We forward the photo to Anthropic Claude, our AI sub-processor, for analysis. Anthropic processes the photo to generate a result and does not use your inputs for model training under our agreement.
  • If you are signed in, the photo and the resulting card are stored against your account under the shortcut_runs table so you can see them in History and replay them across devices. You can delete any individual run from the in-app history strip, or delete your entire account from the profile menu (Settings → Delete account) to permanently remove every run.
  • If you run shortcuts signed out, the photo and result are stored against an anonymous row that has no link back to a personal identifier; we retain anonymous runs only as long as needed for abuse review and then expire them.
  • We do not display photos publicly, share them with advertisers, or use them to train any model.

The iPhone Camera and Photo Library permissions are required only to capture the photo locally before this upload — that permission alone does not authorise the upload. We obtain explicit consent via an in-app disclosure sheet the first time you tap the camera or library button.

2.7 Cookies & Local Storage

  • Authentication cookies (httpOnly, secure) — session management
  • CSRF token (httpOnly) — security protection
  • Locale cookie — language preference
  • Theme cookie — light/dark mode preference
  • localStorage — last canvas visited, onboarding state, location preference

3. How We Use Your Information

  • Generate interactive apps using AI models based on your prompts
  • Process payments and manage your Spark balance
  • Distribute creator earnings from app sales
  • Display your published content in the App Store
  • Send you service-related notifications (e.g., subscription changes)
  • Monitor and improve service stability (error tracking)
  • Enforce our Terms of Service and prevent abuse

4. Third-Party Services

We share data with the following third parties, strictly for the purposes described:

AI Model Providers (OpenAI, Google, Anthropic)

Your prompts and optional user context (language, timezone, location if enabled) are sent to AI providers to generate apps. We do not send your account details. Snapkit specifically forwards your captured photo plus the shortcut's system prompt to Anthropic Claude for vision analysis — see Section 2.6.

Paddle

Merchant of Record for subscriptions and Spark purchases. Paddle handles payment processing, tax compliance, and invoicing. Subject to Paddle's Privacy Policy.

Supabase

Database hosting, authentication, and file storage infrastructure.

PostHog

Product analytics and error monitoring. Authorization headers, cookies, and IP addresses are stripped before transmission.

Vercel

Application hosting and CDN delivery.

5. Data Security

  • All data is transmitted over HTTPS/TLS encryption
  • Authentication tokens are stored in httpOnly cookies (inaccessible to JavaScript)
  • CSRF protection on all mutating API endpoints
  • Row-Level Security (RLS) policies on all database tables
  • AI-generated app code runs in a sandboxed environment without access to auth tokens or API keys
  • API keys for third-party services are encrypted at rest in Supabase Vault

6. Data Retention & Deletion

Your content is retained as long as your account is active. When you delete your account, all associated data (canvases, artifacts, characters, transactions) is permanently deleted via cascading deletion. Payment records may be retained by Paddle per their legal obligations.

You can delete individual canvases, artifacts, and uploaded files at any time through the app.

7. Your Rights

  • Access — View your data through the Account page
  • Correction — Update your profile information at any time
  • Deletion — Delete your account and all associated data
  • Portability — Export your generated app source code
  • Opt-out — Disable location tracking, control canvas visibility (public/private)

To exercise these rights or for any privacy inquiries, contact us at support@vibeland.app.

8. Children's Privacy

Vibeland is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

9. International Data Transfers

Our services are hosted in the United States. If you access Vibeland from outside the US, your data may be transferred to and processed in the US. By using our service, you consent to this transfer.

10. Merchant of Record

Paddle.com Market Limited acts as our Merchant of Record for all payment transactions. When you make a purchase, your transaction is processed by Paddle, who may collect additional information necessary for payment processing and tax compliance. Paddle's handling of your data is governed by Paddle's Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at support@vibeland.app.

Terms of ServicePrivacy PolicyRefund Policy