Draft — pending legal review
Privacy Policy
Last updated: June 12, 2026
1. Who we are
VibeGym ("we") is operated by [COMPANY LEGAL NAME], registered at [REGISTERED ADDRESS], registration no. [NUMBER]. We are the data controller for the personal data described here. Contact: support@vibegym.space.
2. What we collect
- Account data — email address, optional name, timezone, locale, password hash (if you set a password).
- Learning data — quiz answers, Builder Readiness Score, training sessions, lesson progress, streaks and XP.
- Billing data — subscription plan and status. Card details are processed by Stripe; we never see or store your card number.
- Analytics data (only with your consent) — product events such as pages viewed and lessons completed, collected via PostHog.
- Technical data — server logs and error reports (Sentry) needed to keep the service secure and working.
3. Why we process it (legal bases)
- Contract — providing the training service you signed up for, processing payments, sending transactional email (sign-in links, payment receipts and failures).
- Consent — product analytics cookies; lifecycle emails where required. You can withdraw consent at any time ("Cookie preferences" in the footer).
- Legitimate interest — service security, fraud prevention, error monitoring.
- Legal obligation — accounting and tax records for payments.
4. Processors and transfers
We share data only with processors needed to run the service: Stripe (payments), Resend (transactional email), PostHog (analytics, with consent), Sentry (error monitoring), DigitalOcean (hosting). Some processors are located outside the EEA; transfers rely on the EU Standard Contractual Clauses or an adequacy decision.
5. Cookies
- Strictly necessary — sign-in session (httpOnly refresh token), anonymous quiz session (vg_anon), your cookie choice. No consent needed.
- Analytics — PostHog identifiers, set only after you click "Accept analytics". Withdraw any time via "Cookie preferences".
6. Retention
Account and learning data are kept while your account exists. When you delete your account (Settings → Danger zone), your profile is anonymized immediately and any active subscription is canceled. Billing records are retained as required by tax law (typically up to 10 years).
7. Your rights
Under the GDPR you can request access, rectification, erasure, restriction, and portability of your personal data, and you can object to processing. Account deletion is self-service in Settings. For anything else, email support@vibegym.space — we answer within 30 days. You may also lodge a complaint with your local supervisory authority.
8. Changes
We will announce material changes to this policy by email or an in-product notice before they take effect.