Legal

Privacy Policy

How we handle account, project, credential, and service data.

Last updated: July 11, 2026

1. Who controls your data

VibeAssure, the service provider identified on your order confirmation or invoice, controls personal data used to operate the service. Contact privacy@vibeassure.com for privacy requests.

2. Data we collect

  • Account and contact data: name, email, organization, authentication records, and communications.
  • Order data: package, billing status, transaction identifiers, and invoice details. We do not store full payment-card numbers.
  • Project data: product descriptions, URLs, builds, test credentials, roles, instructions, sample data, screenshots, recordings, logs, reports, and findings.
  • Technical and usage data: IP address, device/browser information, pages and features used, diagnostics, cookies, and security events.
  • Support data: messages, attachments, feedback, and call or issue history.

3. Test credentials and project data

Use dedicated, least-privilege test accounts and non-production data. We use credentials and project data only to confirm scope, perform testing, prepare reports, provide support, secure the service, and meet legal obligations. Access is limited to personnel and providers who need it. Do not submit sensitive personal data unless expressly agreed.

4. Why and how we use data

  • Perform our contract: create accounts, process one-time orders, test agreed journeys, and deliver reports.
  • Pursue legitimate interests: secure and improve the service, prevent fraud, troubleshoot, support customers, and maintain business records.
  • Meet legal obligations, including tax, accounting, sanctions, and lawful requests.
  • Send optional analytics or marketing communications with consent where required; you may opt out at any time.

5. Providers and disclosures

We do not sell personal data. We disclose only what is needed to providers supporting authentication, payments, application hosting, cloud storage, email delivery, analytics, customer support, error monitoring, and AI-assisted internal workflows. Current providers may include Stripe for payments; authentication and social-login providers selected at sign-in; Vercel for hosting; Cloudflare and Amazon Web Services for network, security, or storage; and email, analytics, support, and AI providers configured for the service. AI providers may process limited project text to assist authorized report or support work, subject to provider terms and our controls. We may also disclose data to advisers, authorities where legally required, or a successor in a business transaction.

6. Retention

  • Account data: while the account is active and up to 30 days after an approved deletion request, unless law requires longer.
  • Test credentials: removed or rendered inaccessible within 30 days after report delivery or retest expiry, whichever is later, unless you ask us to keep access for another order.
  • Project files, evidence, and reports: normally up to 12 months after delivery, then deleted or anonymized, unless a shorter period is agreed.
  • Payment, tax, security, and contract records: up to 7 years or the period required by applicable law.
  • Support and analytics data: normally up to 24 months. Backups may persist for up to 90 additional days.

7. Account deletion

Request account deletion from your account tools, when available, or email privacy@vibeassure.com from the account address. We will verify the request, remove active account and project data within 30 days, and retain only records required for legal, fraud-prevention, security, dispute, or accounting purposes.

8. Security

We use access controls, encryption in transit, provider security controls, logging, and data-minimization practices. No system is completely secure. Tell us promptly if test credentials may have been exposed, and rotate them when testing ends.

9. Your privacy rights

Depending on where you live, you may request access, correction, deletion, portability, restriction, or objection; withdraw consent; opt out of marketing; and complain to a privacy regulator. We may verify your identity and may refuse or limit requests where law permits. Authorized agents may submit requests with proof of authority.

10. International transfers

VibeAssure operates from Jamaica and providers may process data in Jamaica, the United States, and other countries. Where required, we use appropriate contractual or legal safeguards for international transfers. Contact us for information about safeguards relevant to your data.

11. Cookies, children, and updates

We use necessary cookies for authentication, security, and preferences, and may use analytics with consent where required. The service is for business customers and is not directed to children. We will post policy updates here, change the effective date, and provide additional notice for material changes where required.

12. Contact and legal review

Privacy requests: privacy@vibeassure.com. General support: support@vibeassure.com.

This Privacy Policy is operational draft content and should be reviewed by a qualified legal professional before final publication.