Privacy Policy

We only collect information that is necessary to operate the service and to deliver the features you have asked for. The categories below describe everything we may receive.

• Account data. When you sign in with Google, we receive your name, email address, profile image and an opaque account identifier. We do not receive your Google password.
• App content. Briefs, metadata drafts, generated icons and screenshots, landing page content, legal questionnaire answers and any other material you create or upload while using the dashboard.
• App Store Connect credentials. If you choose to connect ASC, we receive an issuer ID and a private key file that you provide. These are encrypted at rest and used only to authenticate calls to Apple on your behalf.
• Billing data. If you purchase a paid plan, Stripe collects your payment details directly. We receive a customer identifier, plan information, and invoice metadata; we never see your full card number.
• Usage data. Standard request logs (timestamp, endpoint, IP, user agent) and feature telemetry (which steps you completed, error rates) so we can operate, secure, and improve the service.
• Cookies. A session-management cookie used by NextAuth, plus a small number of functional cookies (theme, locale). We do not use third-party advertising or cross-site tracking cookies.

• To create your account, render your dashboard, and persist the content you produce.
• To generate text, icons, and screenshots through our model providers (Anthropic Claude for copy; fal.ai for icon generation).
• To pull, mirror, and push data to App Store Connect on your behalf when you have connected your ASC credentials.
• To process payments through Stripe and to send transactional email related to your account, billing, and security.
• To monitor and protect the service against abuse, fraud, and outages.
• To respond to your support questions when you contact us.

• We do not sell your personal information to anyone, ever.
• We do not use your private app content (briefs, ASC credentials, generated drafts) to train third-party AI models.
• We do not run third-party advertising on Vibegrowing properties.
• We do not share your data with brokers or surveillance networks.

To run the service we share the minimum data needed with the following sub-processors. Each is bound by a written data processing agreement and processes your data only on our instructions.

• Vercel — application hosting, edge network, deployment.
• Cloudflare — DNS, wildcard SSL, CDN caching for landing pages.
• Amazon Web Services (S3) — storage for icons, screenshots, and other generated assets.
• A managed Postgres provider — primary application database.
• Anthropic — Claude (Sonnet) for copy generation. Anthropic does not train its models on data sent through the API.
• fal.ai — icon generation models.
• Google — sign-in only (OAuth).
• Apple — App Store Connect API calls when you have linked your ASC credentials.
• Stripe — payment processing and billing.

We keep your account data and the content you create for as long as your account is active. ASC credentials are stored encrypted at rest and can be removed by you at any time from the dashboard. Logs and short-term telemetry are kept for up to 90 days. When you delete your account, we remove your content within 30 days, except where we are legally required to retain a limited record (for example, billing receipts).

We protect your data with TLS in transit, encryption at rest for sensitive credentials, principle-of-least-privilege access for internal staff, and routine backups. No system is perfectly secure, but we work to keep yours safe and notify you in line with applicable law if a breach affecting your data ever occurs.

Depending on where you live, you may have the right to access, correct, export, or delete your personal information; to restrict or object to certain processing; and to lodge a complaint with a supervisory authority. You can exercise these rights from the dashboard, or by writing to us at melek@vibegrowing.ai.

Vibegrowing operates from servers in the United States and the European Union. By using the service you understand that your information may be transferred to, stored, and processed in countries outside your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

Vibegrowing is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us so we can remove it.

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or by a notice in the dashboard before the changes take effect. The "Last updated" date at the top reflects the current version.

For any privacy question, write to melek@vibegrowing.ai. We aim to reply within five business days.