Privacy Policy

Last updated: June 16, 2026

1. Introduction

VibeCom ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI marketing agent platform, including AI marketing agents, SEO Agent, GEO Agent, supporting idea validation, affiliate features, public sharing, and MCP integrations.

We do not sell your personal information. We never sell, rent, or trade your personal data or business information to third parties for their marketing or commercial purposes.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials
  • Product and Business Information: Product descriptions, target audience, brand voice, marketing materials, product URLs, website domains, competitors, customer context, positioning, and related business context you input into the Service or ask an agent to collect
  • Content Data: AI-generated posts, articles, and marketing content created through the Service, including drafts, images, recommendations, review decisions, publishing status, schedule metadata, and associated performance metadata
  • SEO and GEO Data: Website page inventory, sitemap URLs, page titles, meta descriptions, headings, content summaries, keyword metrics, Search Console performance data, community thread candidates, and GEO recommendations
  • MCP Integration Data: Product context, instructions, OAuth authorization data, and commands sent through MCP (Model Context Protocol) connections from your code editor, terminal, compatible builder, or other MCP client. VibeCom does not access your source code or filesystem unless you explicitly provide that content through a tool call or message
  • Connected Account Credentials: OAuth tokens, refresh tokens, account identifiers, selected pages or properties, and connection metadata for services you connect, such as X/Twitter, LinkedIn, WordPress-compatible blogs, and Google Search Console
  • Uploads and Shared Artifacts: PDFs, images, screenshots, pasted text, generated reports, chat conversations, and any report or conversation snapshots you choose to share by public link
  • Payment Information: Billing details processed securely through our payment processor
  • Communication Data: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, events, errors, referral attribution, and interaction patterns
  • First-Party Attribution Data: Visitor and visit identifiers, landing pages, referral sources, campaign parameters, click identifiers, and conversion events such as signups, trials, and purchases. We use this data to understand which VibeCom campaigns and pages led to account activity.
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Cookies and Tracking: We use cookies and similar technologies to enhance user experience and analyze usage patterns. See our Cookie Policy for details.
  • Diagnostics: Error logs, performance traces, and limited session replay data used to debug crashes and improve the Service

2.3 Information Collected from Public Sources

To generate relevant marketing content and competitor insights, our AI agents automatically collect publicly available information from the web, including:

  • Industry news, blog posts, and articles related to your product category
  • Public social media posts and discussions (e.g., Reddit, X/Twitter, Hacker News, and other public communities) relevant to your market
  • Publicly available competitor information (websites, product pages, pricing)
  • Public web pages, sitemaps, robots.txt files, and search result snippets used for page inventory, SEO recommendations, competitor monitoring, and GEO recommendations

This data is collected using web search and content extraction services and is used solely to inform content generation for your account. We do not store personal information from public sources beyond what is necessary for content creation.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide Services: Generate AI-powered marketing content, product research, competitor monitoring, SEO analysis, GEO recommendations, image assets, reports, and approval workflows
  • Content Distribution: Publish and schedule approved content to your connected platforms including social media accounts and blogs. GEO-generated Reddit replies are recommendations for manual review and posting; VibeCom does not auto-post Reddit comments
  • Search and Website Workflows: Sync Search Console performance, submit or resubmit sitemaps when authorized, crawl public website pages, and turn keyword, page, and community signals into recommendations
  • Improve the Service: Understand usage patterns and make the product better
  • Personalization: Customize your experience, learn your brand voice, and provide relevant content recommendations
  • Communication: Send service updates, publishing notifications, and respond to your inquiries
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Public Sharing: Create and serve public snapshots of reports or conversations when you choose to generate a share link
  • Legal Compliance: Comply with legal obligations and protect our rights

3.1 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service and fulfill our agreement with you (account management, AI analysis, payment processing)
  • Legitimate Interests: Processing for purposes such as improving the Service, analytics, and security, where our interests are not overridden by your rights
  • Legal Obligation: Processing required to comply with applicable laws and regulations
  • Consent: Processing for marketing communications, optional cookies, and connected third-party account permissions that you may withdraw by disconnecting the account or changing your preferences

3.2 AI Processing and Your Data

When you use the Service, your product context, marketing materials, and instructions are processed by AI to generate marketing content, competitor analysis, and recommendations. We do not use your specific business information to train or fine-tune AI models. Aggregated, anonymized usage data may be used to improve our product and AI capabilities.

The AI generates content based on your inputs and general knowledge. AI-generated social and blog content enters an approval workflow before publishing. Connected channels may publish approved scheduled posts automatically at the time you selected, but nothing is published to your connected channels before it is approved or explicitly published by you. No decisions with legal or significant personal effects are made automatically based solely on AI output.

4. Confidentiality of Your Business Data

We understand that your product information, marketing strategy, and business data are valuable and confidential. We commit to:

  • Share your data only as needed to operate the Service, with the service providers listed in this Policy, with platforms you connect, or when you choose to publish or share content
  • Never sell your data or use your content to train AI models
  • Protect your data with industry-standard security measures so only you can access it
  • Limit access to your data to authorized personnel who need it to provide the Service
  • Allow you to delete your data and associated content at any time

4.1 Your content stays yours — always

We built VibeCom so people and small teams can market without fear. Your product data, marketing materials, and generated content are never sold and never used to train AI models. Your content is private by default — only you can see it until you choose to publish it to your connected platforms or create a public share link. Content published to third-party platforms is subject to those platforms' own privacy policies.

4.2 Public share links

If you create a public share link for a report or conversation, we store a snapshot of the shared content and make it accessible to anyone with the link while the share is active. You can revoke or reactivate share links from the Service. Revoking a share link stops future access through that link, but anyone who already viewed, copied, screenshotted, or indexed the content may retain a copy.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers who help us operate the Service. All service providers are contractually required to protect your information and use it only for the purposes we specify. Our key providers include:

  • AI Processing: Anthropic (Claude), Google (Gemini), OpenAI, xAI (Grok), DeepSeek, and OpenRouter — to generate marketing content, analysis, and recommendations from your inputs
  • Image & Media Generation: Runware, Replicate, Minimax, and ElevenLabs — to generate images, video, and audio for your marketing content
  • Search, SEO & Content Collection: Brave Search API, Jina, Bright Data, DataForSEO, and Google Search Console APIs — to discover public sources, crawl pages, retrieve keyword metrics, sync search performance, and manage authorized sitemap submissions
  • Third-Party Platforms: X/Twitter, LinkedIn, WordPress, and other connected publishing platforms — to publish approved content on your behalf using your authorized credentials; Reddit workflows are drafted for manual review rather than auto-published
  • Authentication: Google Firebase — to manage sign-in and account security
  • Email: Resend — to send transactional emails, notifications, and publishing reports
  • Payments: Stripe — to process subscriptions and payouts securely (we never store your card details)
  • Hosting & Infrastructure: Vercel, Cloudflare (R2 storage, video streaming), Upstash (Redis caching), and cloud database providers — to serve, store, and cache your data
  • Analytics & Diagnostics: Google Analytics, Google Tag Manager, Vercel Analytics, and Sentry — to understand aggregate usage patterns, diagnose errors, and improve product reliability

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5.4 Affiliate Program

If you participate in our affiliate program, we collect and process your referral code, referred user identifiers, commission amounts, and payout details. This data is used to track referrals, calculate commissions, and process payments. We do not share your affiliate earnings or referral data with third parties except our payment processor (Stripe) for payout processing. Referred users may see the referring affiliate's referral code but not their identity.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption of data in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information and business data
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Opt-out: Unsubscribe from marketing communications at any time
  • Restriction or Objection: Request that we limit or stop processing your information for certain purposes

Users in the European Economic Area (EEA) have additional rights under the GDPR. To exercise any of these rights, please contact us at

7.1 California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to certain legal exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. Because we do not sell personal information, there is no need to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your California privacy rights, please contact us at . We will verify your identity before fulfilling any request.

8. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. You may delete your account and data from your profile settings — deletion is immediate and permanent for account-controlled product data, except where retention is required by law, fraud prevention, payment records, security logs, backup integrity, or an active public share or third-party publication that you have not revoked or removed from the destination platform.

Third-party OAuth tokens are retained until you disconnect the relevant account, delete your VibeCom account, or the token expires or is revoked by the provider. Published posts, Search Console data held by Google, and content on connected third-party platforms are governed by those third parties after they receive it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

11. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how the Service is used. You can control cookies through your browser settings. For more details, see our Cookie Policy.

We also use first-party cookies and local storage to maintain anonymous visitor and visit identifiers for attribution. These identifiers help us connect visits to later signups, trials, or purchases so we can measure acquisition sources and improve the Service. They do not store your name, email address, payment details, or product content.

11.1 Do Not Track

Some browsers send a "Do Not Track" (DNT) signal. There is currently no industry standard for how websites should respond to DNT signals. At this time, we do not alter our data collection or use practices in response to DNT signals. If you decline analytics cookies via our cookie consent banner, the banner clears known Google Analytics cookies and stores your preference regardless of your DNT setting.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions or requests regarding this Privacy Policy, please contact us at:

Email:

Support: