Privacy Policy

vibesh1ft (“we”, “us”, “our”) operates the platform at www.vibesh1ft.com. We’re an educational vibe-coding platform that helps people build and learn through AI-assisted projects. For privacy questions, contact privacy@vibesh1ft.com.

Account information. When you sign in with Google, we receive your name, email address, profile picture, and Google account ID. We use these to identify you and personalize your experience.

Billing information. If you subscribe to a paid plan, payments are processed by Stripe. Stripe handles your card details directly — we never see your card number. We store your Stripe customer ID, subscription status, and billing email.

Project data. Project descriptions, brand information, requirements, and generated previews you create through the platform are stored so you can return to them across devices.

Learning progress. Lesson completions, quiz scores, streaks, credits, and achievements are stored to power the curriculum and learn-to-earn features.

API keys (BYOK). When you provide your own Anthropic, OpenAI, or other AI API key, that key is stored only in your browser’s local storage. It is sent directly from your browser to the AI provider when you make a request. It never reaches our servers, our logs, or our database.

Usage data. Standard server logs (IP address, browser, request paths, timestamps) are kept for security, debugging, and abuse prevention. We retain these for up to 30 days.

Cookies. We use a small number of cookies for authentication, language preference (en, nl, de, fr, es), and theme. We don’t use third-party advertising cookies.

• To create and authenticate your account.
• To deliver the service: serve lessons, save your projects, sync progress across devices.
• To process subscriptions and renewals via Stripe.
• To send transactional emails (sign-in confirmations, billing receipts, important account changes).
• To send product emails (new lessons, feature announcements) — you can opt out at any time.
• To improve the platform: aggregate analytics on which lessons help most, where users get stuck.
• To prevent abuse: detect and block credential-stuffing, scraping, or platform misuse.
• To comply with legal obligations.

We use a small set of trusted third-party services to operate the platform. Each only receives the data necessary to perform its specific role:

• Google (Firebase Authentication) — sign-in and identity.
• Google Cloud (Firestore, Cloud Storage) — storing your account, project, and progress data.
• Stripe — payment processing for subscriptions.
• Resend — transactional and product email delivery.
• Vercel — web hosting and edge delivery.
• Anthropic — powers our automatic translations of platform content. We do not send your project data or prompts to Anthropic; only platform content (blog posts, lessons we author).

We do not sell, rent, or trade your data. We do not use your data to train AI models.

vibesh1ft is a Bring-Your-Own-Key (BYOK) platform. The AI prompts you send to build projects go directly from your browser to your chosen AI provider (e.g., Anthropic). They do not pass through our servers.

This means: we cannot see the prompts you send to the AI, the code the AI generates for you, or the contents of your projects beyond what you explicitly save through our platform. Your AI provider’s privacy policy governs that data.

If you’re in the European Union, the United Kingdom, or another jurisdiction with similar privacy laws, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (“right to be forgotten”).
• Request a portable copy of your data.
• Object to or restrict certain processing.
• Withdraw consent for marketing emails at any time.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@vibesh1ft.com. We respond within 30 days.

We retain your account and project data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days, except for records we’re legally required to keep (e.g., financial records for tax compliance) and anonymized aggregate analytics.

vibesh1ft is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you’re a parent or guardian and believe your child has provided us with personal data, contact privacy@vibesh1ft.com and we’ll delete it.

Users under 18 should have a parent or guardian review these terms before using the platform.

Our service providers operate globally. Your data may be transferred to and processed in the United States and the European Union. Where required, we rely on standard contractual clauses and equivalent legal mechanisms approved by the European Commission to protect your data during these transfers.

We use industry-standard security practices: HTTPS for all traffic, Firebase Authentication for identity, server-side authorization on all admin endpoints, signed webhook verification, and encrypted storage at rest via Google Cloud. No system is perfect — if you discover a security issue, please report it to privacy@vibesh1ft.com.

We’ll update this page if our practices change. Significant changes will be announced via email and an in-app notice at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent version.

Questions about this policy or your data? Email privacy@vibesh1ft.com.