Privacy

VibeManager is operated by {Legal entity name — TBD}, registered in {Jurisdiction — TBD}, contactable at hello@vibemanager.io and privacy@vibemanager.io for data-protection matters.

• Account data: email, name, OAuth provider identifiers.
• Project artifacts: your submitted ideas, generated product plans, architecture documents, tasks, and generated code.
• Credentials vault: third-party API keys you choose to store, encrypted at rest with envelope encryption.
• Usage telemetry: agent calls, credit consumption, pipeline status.
• Billing data: handled by our payment processor (Polar). We do not store card details.

• To operate the pipeline and deliver the product you requested.
• To apply credit consumption and billing.
• To improve product reliability via aggregated, anonymous telemetry.
• We do not use your product idea, generated artifacts, or source code for model training, sharing, or any purpose beyond pipeline execution.

You retain full ownership of:

• Your submitted idea.
• All generated artifacts (product plan, architecture, tasks).
• All generated source code.
• Your deployed application.

VibeManager claims no license to resell, publish, or derive from your artifacts.

• Primary hosting region: {Region — TBD}.
• Deployed applications live on your connected hosting platform (Vercel / Railway / Render). VibeManager has no ongoing access after deploy.

Your project data is logically isolated from other users' data at the database layer. AI agent calls are scoped to a single project's context — cross-project or cross-user context contamination is architecturally impossible. Project artifacts are encrypted at rest with per-user encryption keys.

• Third-party API keys (Stripe, Twilio, SendGrid, etc.) are encrypted using envelope encryption.
• Plaintext credential values are never written to disk, logs, or AI context.
• Agents reference credentials by variable name (e.g., STRIPE_SECRET_KEY); actual values are injected at deployment time.
• Generated code passes a secrets scan before deployment — any detected plaintext credential blocks the deploy.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and all associated data — completed within 30 days.
• Export your project data (plan, architecture, tasks, code) in a portable Markdown + JSON bundle.
• Object to processing beyond pipeline delivery.
• Lodge a complaint with your supervisory authority.

To exercise any right, email privacy@vibemanager.io.

• Active account: retained until you delete.
• Deleted account: removed within 30 days.
• Aggregated telemetry: retained indefinitely in anonymized form.
• Billing records: retained for the period required by tax law (typically 7 years).

• Polar — billing and subscription management.
• Anthropic / OpenAI / Google — inference providers (your project content is processed by these providers during pipeline execution, subject to their data-handling policies).
• {Email provider — TBD} — transactional email (application invites, launch updates).
• {Error monitoring — TBD} — application error reporting (no project content sent).

• vm-theme — your theme preference (light/dark).
• Session cookie — to keep you signed in.
• No third-party analytics cookies unless you consent via a banner (banner: TBD).

VibeManager is not directed at children under 16. If you believe a child has created an account, email privacy@vibemanager.io and we will delete it.

We will announce material changes via email to registered users at least 30 days before they take effect. The LAST UPDATED stamp at the top of this page reflects the current version.