Privacy Policy

1. Introduction

This Privacy Policy explains how vibeastral.app ("Website", "we", "us", or "Administrator") collects, uses, and protects information in connection with your use of the Website.

The Website does not require user account registration. However, certain technical data may still be processed as described below.

By using the Website, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for processing personal data is the entity operating vibeastral.app.

Contact: vibe@vibeastral.app

3. Categories of Data Processed

3.1 Data Provided Voluntarily

If you contact us via email or other communication channels, we may process:

• Your email address
• Any information you include in your message
• Any attachments you provide

Providing this data is voluntary.

3.2 Automatically Collected Data

When you access the Website, certain technical data may be processed automatically, including:

• IP address
• Browser type and version
• Device type and operating system
• Referring website
• Date and time of access
• Basic interaction data (e.g., page views)

This data may be collected via server logs or analytics tools. We do not use this data to directly identify users unless required for security, fraud prevention, or legal compliance.

4. Legal Basis for Processing (GDPR – EU Users)

If you are located in the European Economic Area (EEA), data processing is based on:

• Article 6(1)(f) GDPR – Legitimate interest, including ensuring Website security, preventing abuse, improving functionality, and maintaining technical stability.
• Article 6(1)(a) GDPR – Consent, where applicable (e.g., non-essential cookies).
• Article 6(1)(b) GDPR – Performance of pre-contractual steps, if you initiate contact.

5. Purpose of Data Processing

Data may be processed for the following purposes:

• Operating and maintaining the Website
• Ensuring security and preventing misuse
• Responding to user inquiries
• Improving Website performance and user experience
• Complying with legal obligations

We do not sell personal data.

6. Cookies and Tracking Technologies

The Website may use cookies or similar technologies to ensure proper technical functioning, analyze traffic and usage patterns, and improve user experience.

Users may manage or disable cookies via browser settings.

If non-essential cookies are used, appropriate consent mechanisms may be implemented where required by law.

7. Data Retention

Personal data is retained only as long as necessary for the purposes described in this Policy, including:

• Communication data: retained for as long as reasonably necessary to respond and maintain records.
• Technical/log data: retained for security and operational purposes.

Data may be retained longer where required by applicable law or for legitimate defense against legal claims.

8. Data Sharing

We may share data with hosting providers, technical service providers (e.g., analytics tools), and legal or regulatory authorities where required by law.

Data is shared only to the extent necessary for operational purposes. We do not sell, rent, or commercially distribute personal data.

9. International Data Transfers

If service providers are located outside the European Economic Area, data transfers may occur. Where required, appropriate safeguards (such as Standard Contractual Clauses) are implemented in accordance with GDPR.

10. User Rights (EEA Users)

If you are located in the EEA, you have the right to access your personal data, request correction, request deletion, request restriction of processing, object to processing based on legitimate interest, withdraw consent at any time (where processing is based on consent), and lodge a complaint with a supervisory authority.

11. Security

We implement reasonable technical and organizational measures to protect data against unauthorized access, accidental loss, alteration, and disclosure. However, no system can guarantee absolute security.

12. Third-Party Links

The Website may contain links submitted by users or referencing external websites. We are not responsible for the privacy practices or content of third-party websites. Users access external links at their own risk.

13. Children's Privacy

The Website is not intended for children under the age required by applicable law. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy at any time. The updated version will be published on the Website with a revised effective date. Continued use of the Website constitutes acceptance of the updated Policy.