Legal

Privacy Policy

Last updated: March 18, 2026

1. Data Controller

The data controller responsible for your personal data is:

• Vibdesign
• France
• Email: contact@vibdesign.com

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Vibdesign plugin and associated services (“Service”). It applies to all users globally, with specific provisions for residents of the European Union (GDPR) and California (CCPA).

2. Data We Collect

We collect the following categories of personal data:

Account Information

• Email address (used for authentication and communications)
• Name (optional, provided during account setup)
• Subscription status and plan type

Usage Data

• Plugin interactions and feature usage (for product improvement)
• Error logs and diagnostic information
• Session metadata (timestamps, feature flags)

Payment Data

• Payment information is processed by Stripe, Inc. We do not store credit card numbers or full payment details. We receive a tokenized reference and billing status from Stripe.

AI Prompt Data

• Prompts and design context you send through the plugin are transmitted to third-party AI providers for processing. We do not store prompt content on our servers beyond what is necessary to complete the request.

3. Legal Basis for Processing (GDPR)

If you are located in the European Union, we process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the Service you subscribed to, including account management and billing.
• Legitimate interests (Art. 6(1)(f) GDPR) — processing for fraud prevention, security, and improving our Service, provided these interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR) — for optional analytics cookies and marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR) — where required by applicable law (e.g., tax records, accounting obligations).

4. Third-Party Processors

We share data with the following third-party service providers solely to operate the Service:

• Stripe, Inc. — payment processing. Stripe acts as an independent data controller for payment data. See Stripe’s Privacy Policy.
• Cloudflare, Inc. — infrastructure, CDN, and edge computing. Your requests are routed through Cloudflare Workers. See Cloudflare’s Privacy Policy.
• Anthropic, PBC — AI processing when using Claude models. Prompts you send may be processed by Anthropic. See Anthropic’s Privacy Policy.
• OpenAI, LLC — AI processing when using GPT models. See OpenAI’s Privacy Policy.
• Google LLC — AI processing when using Gemini models. See Google’s Privacy Policy.

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service. Specifically:

• Account data is retained until you delete your account.
• Usage and diagnostic logs are retained for up to 12 months.
• Billing records are retained for 10 years as required by French accounting law.
• AI prompt data is not retained on our servers beyond the duration of the request.

6. Your Rights

GDPR Rights (EU Residents)

Under the General Data Protection Regulation, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data (“right to be forgotten”).
• Portability — receive your data in a structured, machine-readable format.
• Restriction — request that we restrict processing in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

You also have the right to lodge a complaint with your national data protection authority. In France, this is the CNIL (www.cnil.fr).

CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal data we collect and how it is used.
• Request deletion of your personal data.
• Opt out of the sale of personal data (we do not sell personal data).
• Non-discrimination for exercising your CCPA rights.

To exercise any of these rights, please contact us at contact@vibdesign.com. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving your request.

7. Cookies

We use cookies and similar technologies to operate the Service. For full details on the cookies we use and how to control them, please see our Cookie Policy.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include TLS encryption for data in transit and access controls for data at rest.

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we will notify you in accordance with applicable law in the event of a data breach.

9. International Transfers

Your data may be processed in countries outside the European Economic Area, including the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Contact & DPO

For privacy-related inquiries, requests, or complaints:

• Email: contact@vibdesign.com
• Postal: Vibdesign, France

We will acknowledge your request promptly and respond within the applicable legal timeframe.