Vibeland

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Vibeland ("we," "us," or "our") operates the Vibeland platform at vibeland.app, operated by Soyeon Noh (Business Registration No. 865-10-01647, Republic of Korea). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

  • Email address (required for registration)
  • Display name and avatar (optional)
  • OAuth provider data if you sign in with Google or GitHub

2.2 Content You Create

  • Prompts and instructions you submit for AI generation
  • Generated apps, artifacts, and source code
  • Canvas metadata (layout, title, description)
  • Characters and their configurations
  • Design systems and tokens
  • Files you upload (images, etc.)

2.3 Usage & Technical Data

  • Generation counts, token usage, and Spark transactions
  • Browser type, language, timezone, and device information
  • Error logs and crash reports (via PostHog, with personal data stripped)
  • IP addresses are processed server-side but not stored in error tracking

2.4 Location Data (Optional)

You may optionally enable location sharing to provide context for AI-generated apps. Location data is stored locally in your browser and is only sent during generation requests. You can disable this at any time.

2.5 Payment Information

Payments are processed by Paddle, our Merchant of Record. We store your Paddle customer ID and subscription status but never store credit card numbers or sensitive payment details on our servers. Paddle handles all payment processing, tax compliance, and invoicing on our behalf.

2.6 Cookies & Local Storage

  • Authentication cookies (httpOnly, secure) — session management
  • CSRF token (httpOnly) — security protection
  • Locale cookie — language preference
  • Theme cookie — light/dark mode preference
  • localStorage — last canvas visited, onboarding state, location preference

3. How We Use Your Information

  • Generate interactive apps using AI models based on your prompts
  • Process payments and manage your Spark balance
  • Distribute creator earnings from app sales
  • Display your published content in the App Store
  • Send you service-related notifications (e.g., subscription changes)
  • Monitor and improve service stability (error tracking)
  • Enforce our Terms of Service and prevent abuse

4. Third-Party Services

We share data with the following third parties, strictly for the purposes described:

AI Model Providers (OpenAI, Google, Anthropic)

Your prompts and optional user context (language, timezone, location if enabled) are sent to AI providers to generate apps. We do not send your account details.

Paddle

Merchant of Record for subscriptions and Spark purchases. Paddle handles payment processing, tax compliance, and invoicing. Subject to Paddle's Privacy Policy.

Supabase

Database hosting, authentication, and file storage infrastructure.

PostHog

Product analytics and error monitoring. Authorization headers, cookies, and IP addresses are stripped before transmission.

Vercel

Application hosting and CDN delivery.

5. Data Security

  • All data is transmitted over HTTPS/TLS encryption
  • Authentication tokens are stored in httpOnly cookies (inaccessible to JavaScript)
  • CSRF protection on all mutating API endpoints
  • Row-Level Security (RLS) policies on all database tables
  • AI-generated app code runs in a sandboxed environment without access to auth tokens or API keys
  • API keys for third-party services are encrypted at rest in Supabase Vault

6. Data Retention & Deletion

Your content is retained as long as your account is active. When you delete your account, all associated data (canvases, artifacts, characters, transactions) is permanently deleted via cascading deletion. Payment records may be retained by Paddle per their legal obligations.

You can delete individual canvases, artifacts, and uploaded files at any time through the app.

7. Your Rights

  • Access — View your data through the Account page
  • Correction — Update your profile information at any time
  • Deletion — Delete your account and all associated data
  • Portability — Export your generated app source code
  • Opt-out — Disable location tracking, control canvas visibility (public/private)

To exercise these rights or for any privacy inquiries, contact us at support@vibeland.app.

8. Children's Privacy

Vibeland is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

9. International Data Transfers

Our services are hosted in the United States. If you access Vibeland from outside the US, your data may be transferred to and processed in the US. By using our service, you consent to this transfer.

10. Merchant of Record

Paddle.com Market Limited acts as our Merchant of Record for all payment transactions. When you make a purchase, your transaction is processed by Paddle, who may collect additional information necessary for payment processing and tax compliance. Paddle's handling of your data is governed by Paddle's Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at support@vibeland.app.

Terms of ServicePrivacy PolicyRefund Policy