Privacy Policy

1. Information We Collect

Personal Information

We collect information that you provide directly to us, including:

• Account Information: Email address, password (encrypted), display name
• Profile Information: Bio, avatar, social media links (optional)
• Payment Information: Processed securely through Stripe (we do not store card details)
• Communication Data: Community posts, comments, messages
• Support Data: Correspondence with our support team

Automatically Collected Information

• Log Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent, click patterns, feature usage
• Cookies: Session cookies, authentication tokens, preference settings
• Security Data: Login attempts, 2FA codes (temporary), security events

2. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Deliver membership features, content access, community participation
• Authentication & Security: Verify identity, prevent fraud, protect accounts
• Payment Processing: Handle subscriptions, invoicing, refunds
• Communication: Send transactional emails, platform updates, security alerts
• Personalization: Customize content recommendations and user experience
• Analytics: Improve platform performance, understand user behavior
• Compliance: Meet legal obligations, enforce terms of service

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

• Contract: Processing necessary to fulfill our membership agreement
• Consent: You have given explicit consent for specific processing
• Legitimate Interests: Fraud prevention, security, platform improvement
• Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing and Disclosure

We share your information only in the following cases:

Service Providers

• Supabase: Authentication, database hosting (GDPR compliant)
• Stripe: Payment processing (PCI DSS compliant)
• Vercel: Hosting and CDN services
• Email Services: Transactional email delivery

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, safety, or property.

5. Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

• Right to Access: Request a copy of your personal data (Export Data)
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (Delete Account)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@vibecodingnights.com

6. Data Retention

We retain your data for the following periods:

• Account Data: Until account deletion or 90 days after inactivity
• Payment Records: 7 years (tax and legal compliance)
• Community Posts: Anonymized after account deletion
• Security Logs: 90 days for fraud prevention
• Analytics Data: Aggregated and anonymized indefinitely

7. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (always active)
• Analytics Cookies: Track usage patterns (requires consent)
• Preference Cookies: Remember your settings and choices

You can manage your cookie preferences through our cookie consent banner or browser settings.

8. Security Measures

We implement industry-standard security measures:

• End-to-end encryption for sensitive data
• Two-factor authentication (2FA) available
• Regular security audits and penetration testing
• HTTPS/TLS encryption for all data transmission
• CSRF protection on all forms and actions
• Rate limiting to prevent abuse
• Secure password hashing (bcrypt)

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequate data protection agreements with our service providers.

10. Children's Privacy

Our platform is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or prominent notice on the platform. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data requests, or complaints, contact us at: