VibeCodeMaxVibeCodeMax

Privacy Policy — Vibe Code Max

Effective date: 2026-03-31

This Privacy Policy explains how Vibe Code Max ("Vibe Code Max", "we", "us") collects, uses, discloses, and protects information when you use our website and app service at https://vibecodemax.app (the "Service").

Vibe Code Max is operated by Tinashe Nyatsoka, an individual sole proprietor based in Dallas, Texas, United States. For purposes of data protection laws (including the GDPR where applicable), we are the data controller for the personal information described in this Policy.

Contact: tinashe@vibecodemax.app

1) What we collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically when you use the Service, and (c) information from service providers you use to pay or authenticate.

A. Information you provide

  • Account information: email address, name if you provide one, and authentication data needed to create and access your account (managed through Supabase Auth, including Google sign-in where enabled).
  • Support communications: messages you send us through the contact form or by email, plus any information you choose to include in those messages.
  • Project information: onboarding choices, project configuration choices, prompts, and other text you input to create, save, and manage projects.
  • Stored project data and outputs: project drafts, generated project artifacts available for download, and uploaded branding assets or related files you choose to store.

Important: Do not enter sensitive personal information, payment card details, government IDs, or other confidential data into project inputs unless you are comfortable storing it in your project configuration, drafts, and generated outputs. The Service is designed for software template generation, not for handling sensitive personal data.

B. Information collected automatically

  • Usage data: pages viewed, basic interaction events, referrer information, approximate location derived from IP (for example, country or region), device/browser type, and timestamps.
  • Log and security data: IP address, request metadata, error logs, rate-limit events, CAPTCHA verification results, and other security events used to maintain and protect the Service.
  • Cookies and similar technologies: we use essential cookies for authentication, browser storage for cookie-consent preferences and temporary onboarding state, and analytics technologies only when you opt in. (See Section 6.)

C. Information from third parties

  • Payments (Lemon Squeezy): Lemon Squeezy acts as merchant of record and processes purchases, taxes, subscriptions, and payment details. We receive limited information such as order/subscription status, plan, billing period, invoices/receipts, and customer identifiers needed to provide the Service and handle billing support.
  • Authentication (Supabase Auth / Google): we use Supabase Auth to authenticate users and manage sessions (for example, sign-in, password reset, and magic links where enabled). If you choose Google Sign In, Google is involved in that authentication flow.

2) How we use your information

We use your information to:

  • Provide and operate the Service, including account creation, authentication, generating boilerplates, storing your project configuration and generated artifacts for later access, and maintaining your purchase, credit, and subscription access.
  • Process billing and manage purchases, including one-time purchases, annual subscriptions, credits, manual cancellations or refunds where applicable, and billing-related support.
  • Improve and maintain the Service, including troubleshooting, testing, analytics, and performance monitoring.
  • Provide customer support, respond to requests, and communicate about the Service.
  • Secure the Service, prevent fraud/abuse, and enforce our Terms of Service.
  • Comply with legal obligations, resolve disputes, and protect our rights.

3) Legal bases for processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or another region with similar legal requirements, we rely on the following legal bases:

  • Contract: to provide the Service you requested (account access, generation, storage, purchases, credits, and subscriptions).
  • Legitimate interests: to secure, maintain, and improve the Service; prevent fraud/abuse; and understand aggregate usage patterns (balanced against your rights).
  • Consent: where required for certain cookies or optional features.
  • Legal obligation: where we must comply with law (for example, tax and accounting obligations).

4) How we share information

We do not sell your personal information. We share information only as described below:

Service providers (processors)

We use trusted service providers to run the Service, including:

  • Supabase (authentication, sessions, database, and related account infrastructure)
  • Lemon Squeezy (payments, subscriptions, receipts, and merchant-of-record billing)
  • Mixpanel (website and product analytics, subject to your cookie preferences)
  • Resend (transactional email delivery and contact form delivery)
  • Cloudflare Turnstile (bot and abuse prevention for authentication and contact flows)
  • Netlify (hosting and delivery of the website/app)
  • Google Cloud / Google Cloud Storage (application infrastructure, generated output storage, and uploaded asset storage)

These providers process information on our behalf under their own privacy and security commitments and only as needed to provide their services to us.

Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • comply with law, regulation, legal process, or governmental request;
  • enforce our Terms of Service;
  • protect the security or integrity of the Service; or
  • protect the rights, property, or safety of users, the public, or us.

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and notice where required.

5) Data retention

We retain personal information only as long as necessary for the purposes described in this Policy and to comply with applicable legal obligations.

  • Account, project configuration, drafts, and stored outputs: retained while your account is active. If you use the in-product delete account feature or submit a deletion request, we aim to delete or anonymize primary account data promptly. Some copies may remain in backups, logs, or disaster-recovery systems for a limited period, and certain information may be retained where necessary for legal, security, fraud-prevention, tax, accounting, or dispute-resolution purposes.
  • Billing records: we do not store payment card details. Lemon Squeezy maintains payment details as merchant of record. We may retain minimal billing-related records (for example, receipts, order/subscription status, credits, purchase history, and related support history) as required for tax, accounting, fraud prevention, chargebacks, or dispute resolution.
  • Logs and security data: retained for a limited period necessary for security, troubleshooting, abuse prevention, and service integrity, then deleted, anonymized, or aggregated.

6) Cookies and analytics

Authentication

We use essential cookies or similar technologies to maintain secure sessions and keep you signed in. These are required for the Service to work.

Analytics (Mixpanel)

We use Mixpanel to understand how visitors use our site. We use analytics to improve the Service and measure performance.

  • We do not use analytics for cross-site advertising.
  • We do not sell analytics data.
  • We do not use analytics to create profiles for behavioral advertising.

You can accept or reject analytics cookies in the cookie banner. Essential authentication cookies are always enabled.

If your browser blocks cookies, the Service may still work, but you may need to re-authenticate more frequently depending on your settings and the authentication flow.

Cookie preferences

You can change your cookie preferences at any time from your account settings when signed in, or by clearing this site's stored cookie-preference data in your browser and reloading the page.

7) International data transfers

We are based in the United States, and our service providers may process information in other countries. This means your information may be transferred to and processed in jurisdictions outside your place of residence, including countries that may have different data protection laws.

Where required by law (for example, for transfers from the EEA/UK), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other valid transfer mechanisms to protect your information.

8) Your rights and choices

We are committed to honoring applicable privacy rights under laws such as the GDPR/UK GDPR, CCPA/CPRA, and PIPEDA where they apply. The exact rights available to you depend on your location and our relationship with you.

Where available, you can exercise certain rights directly from your Account settings, including exporting your data and deleting your account. You can also contact us at tinashe@vibecodemax.app.

GDPR (EEA/UK)

If you are in the EEA/UK, you may have the right to:

  • access, correct, or delete your personal information;
  • object to or restrict certain processing;
  • request portability of your personal information;
  • withdraw consent where we rely on consent; and
  • lodge a complaint with your local supervisory authority.

You can exercise these rights from your account settings where available or by emailing tinashe@vibecodemax.app.

CCPA/CPRA (California)

If you are a California resident, you may have rights to:

  • know the categories and specific pieces of personal information we collect, use, disclose, and retain;
  • request deletion of personal information, subject to legal exceptions;
  • correct inaccurate personal information;
  • receive your personal information in a portable format where required; and
  • opt out of the "sale" or "sharing" of personal information (as defined by California law).

We do not sell personal information and do not share personal information for cross-context behavioral advertising.

To make a request, use the available tools in your account settings or email tinashe@vibecodemax.app. We may verify your request by requiring an authenticated session, confirming control of the account email address, or requesting additional information reasonably necessary to verify identity. We will not discriminate against you for exercising applicable privacy rights.

Categories collected (last 12 months):

  • Identifiers (e.g., email address, account IDs)
  • Internet or other electronic network activity (e.g., basic usage, logs)
  • Commercial information (e.g., order status, credit status, subscription status, invoices/receipts)
  • Approximate geolocation (derived from IP at a country/region level)
  • User-provided content (project configurations and stored generated outputs)

Sources: you, your device/browser, and our service providers (including Supabase, Lemon Squeezy, Mixpanel, Resend, Cloudflare Turnstile, Netlify, and Google Cloud).

Business purposes: operating the Service, security, analytics, customer support, billing, and complying with legal obligations.

PIPEDA (Canada)

If you are in Canada, you may have rights to access and correct your personal information, withdraw consent where permitted, and challenge our compliance with applicable privacy principles. You may use available in-product tools or contact tinashe@vibecodemax.app to request access or corrections.

General choices

  • Account settings: you may be able to update certain account information in your account settings.
  • Export data: when signed in, you may be able to export a copy of your account, projects, and billing-related history from your account settings.
  • Deletion: when signed in, you may be able to delete your account directly from account settings. You may also contact tinashe@vibecodemax.app to request deletion. Some information may be retained where required for legal, security, fraud-prevention, tax, accounting, chargeback, or dispute-resolution purposes as described in Section 5.
  • Request verification: to protect your account and personal information, we may require you to verify your identity before fulfilling certain requests.
  • Marketing emails: if we send marketing emails, you can opt out using the unsubscribe link or by contacting us. (Service/transactional emails may still be sent.)

9) Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. However, no system is 100% secure, and we cannot guarantee absolute security. You are responsible for protecting your account credentials and for keeping any generated code and secrets you deploy secure.

10) Children and teens

The Service is not directed to young children. Teens may use the Service with the permission and supervision of a parent or legal guardian.

If you believe a minor has provided personal information without appropriate permission, contact tinashe@vibecodemax.app, and we will take appropriate steps to delete the information.

11) Third-party links

The Service may link to third-party websites or services. Their privacy practices are governed by their own privacy policies, and we are not responsible for them.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on https://vibecodemax.app and update the effective date above. Your continued use of the Service after changes become effective means you accept the updated policy.

13) How to contact us

For privacy questions or to exercise your rights, contact:

Tinashe Nyatsoka

Email: tinashe@vibecodemax.app