This Privacy Policy explains how VIBEZCORE Audio Library collects, uses, and protects your personal data when you use our service. We aim to be transparent and to respect your privacy regardless of where you live.
1. Who We Are
VIBEZCORE operates the VIBEZCORE Audio Library service and is the data controller for personal data processed in connection with your use of the service.
For privacy questions or to exercise your rights, please use our support form.
2. What We Collect
Account data: email address, hashed password, account creation date, and login activity.
Subscription data: subscription status, plan, renewal date, and transaction IDs provided by our payment processor. We do not store your card details — these are handled by the payment processor.
Usage data stored locally on your device: sessions played, listening progress, favourites. This data is stored in your browser's localStorage and never leaves your device unless cross-device sync is enabled.
Technical data: IP address (briefly, for security and rate-limiting), browser type and version, device type. We do not currently run third-party analytics, advertising trackers, or fingerprinting.
Support data: any information you provide when contacting us.
3. How We Use Your Data
- To provide and operate the service (login, streaming, progress tracking)
- To process payments through our payment provider
- To improve the service and develop new features
- To communicate important updates, changes, and support replies
- To prevent fraud, abuse, and unauthorised account sharing
- To comply with legal obligations
We do not sell your personal data to anyone, ever.
4. Legal Basis for Processing (GDPR)
If you are in the European Union, we rely on the following legal bases under the General Data Protection Regulation:
- Performance of a contract (Art. 6(1)(b)) — to deliver the service you signed up for
- Legitimate interests (Art. 6(1)(f)) — to secure, improve, and protect the service
- Consent (Art. 6(1)(a)) — for optional analytics or marketing communications, where applicable
- Legal obligation (Art. 6(1)(c)) — for tax, accounting, and regulatory requirements
5. Who We Share Data With
We share data only with the service providers required to operate the service. Each is bound by confidentiality and data protection obligations:
- Gumroad — payment processing, merchant of record, tax compliance
- Supabase — authentication, database, and account management
- Bunny CDN — delivery of audio sessions and static assets
- Netlify — web hosting and deployment
We do not share your data with advertising networks or data brokers.
6. International Data Transfers
Some of our service providers process data outside the European Economic Area, including in the United States. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) and additional measures to ensure your data is protected at a level equivalent to EU law.
7. How Long We Keep Your Data
- Account data: for as long as your account is active, plus a reasonable retention period after closure
- Transaction data: retained as required by tax and accounting law (typically up to 7 years in the EU)
- Usage data on our servers: kept in aggregated or anonymous form for product analytics
- Local-device data (localStorage): remains on your device until you clear it via your browser or the in-app reset option
- Support correspondence: kept while reasonably needed for record-keeping
8. Your Rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your account and associated data ("right to be forgotten")
- Restrict or object to certain processing
- Portability — receive a copy of your data in a structured, commonly used format
- Withdraw consent at any time, where consent is the legal basis
To exercise any of these rights, use the support form. We aim to respond within 30 days, in line with GDPR Article 12.
9. Right to Lodge a Complaint
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the data protection authority in the EU country where you live, work, or where the alleged infringement took place.
For users in Belgium, this is the Gegevensbeschermingsautoriteit / Autorité de protection des données (www.gegevensbeschermingsautoriteit.be).
We would, however, appreciate the chance to address your concerns first — please contact support before involving a supervisory authority.
10. Security
We use industry-standard technical and organisational measures to protect your data: encryption in transit (HTTPS), hashed passwords, restricted access to systems, and regular security reviews. No system is 100% secure, but we work continuously to reduce risk.
11. Children
Paid subscriptions are not directed at children. We do not knowingly collect personal data from minors below the age of digital consent in their country (16 in many EU member states, 13 elsewhere). If you believe a minor has provided us with data, please contact support and we will delete it.
12. Cookies & Local Storage
VIBEZCORE Audio Library does not use advertising or third-party tracking cookies. We use only essential storage required to run the service (your login session and locally-saved listening progress). See our Cookie Policy for full details.
13. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
14. Changes to This Policy
We may update this Privacy Policy as the service evolves. Material changes will be communicated by email or in-app notification. The "Last updated" date at the top reflects the most recent version.