Last updated: December 2024
Table of Contents
Introduction
This Privacy Policy describes how Vibe ("we", "our", "the Application") collects, uses, stores and protects your personal information when you use our mobile application.
By using Vibe, you accept the practices described in this policy. We encourage you to read it carefully.
Data Collected
Data you provide to us
- Account information: Email address, password (encrypted), first name
- Profile: Photos, date of birth, nationality, biography, travel interests
- Trips: Destinations, travel dates, current location
- Communications: Messages exchanged with other users
- Reports: Information provided when reporting
Data collected automatically
- Location: GPS position (only with your consent)
- Usage data: Features used, frequency of use
- Technical information: Device type, operating system version, unique identifiers
- Logs: Connection date and time, IP address
Third-party data
If you sign in via Google or Apple, we receive the following information:
- First and last name
- Email address
- Profile photo (if available)
Use of Data
We use your data to:
Provide the service
- Create and manage your account
- Display your profile to other users
- Enable messaging
- Display travelers on the map
Improve the experience
- Personalize content
- Analyze usage
- Fix bugs
- Develop new features
Security
- Detect fraudulent behavior
- Prevent abuse
- Process reports
- Protect users
Communication
- Application notifications
- Important information
- Respond to your requests
- User support
Legal basis for processing
We process your data on the following legal bases:
- Contract performance: To provide the service you requested
- Consent: For geolocation and certain communications
- Legitimate interest: To improve our services and ensure security
- Legal obligation: To comply with applicable laws
Storage and Security
Where is your data stored?
Your data is stored on secure servers provided by Supabase, located in the European Union.
Security measures
We implement the following measures to protect your data:
- Encryption of data in transit (HTTPS/TLS)
- Password encryption (hashing)
- Strict data access control
- System monitoring
- Regular backups
- Row Level Security (RLS) policy on the database
Retention period
- Active account: Your data is kept as long as your account is active
- After deletion: Your data is deleted within 30 days
- Log data: Kept for a maximum of 12 months
- Report data: Kept for 3 years for legal reasons
Your Rights
Under GDPR, you have the following rights:
Right of access
You can request a copy of all data we hold about you.
Right to rectification
You can correct your personal information directly in the Application or contact us.
Right to erasure
You can request deletion of your data. See our Account Management page.
Right to portability
You can request to receive your data in a structured, readable format.
Right to object
You can object to certain processing of your data.
Right to withdraw consent
You can withdraw your consent at any time (e.g., geolocation).
How to exercise your rights?
To exercise your rights, you can:
- Modify your information in the Application settings
- Contact us via the Contact page
- Send an email to our contact address
We will respond to your request within 30 days.
Complaint
If you believe your rights are not being respected, you can file a complaint with your local data protection authority.
Minors
Changes to this Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with a new "Last updated" date.
In case of significant changes, we will notify you by notification in the Application or by email.
Contact
For any questions regarding this Privacy Policy or your personal data, you can contact us:
- Via our Contact page
- By email (see Contact page)