Vibetight
Open app
Legal

Privacy Policy

What we collect, what we don't, and how we handle your data.

Last updated 2026-05-19

This Privacy Policy describes how Vibetight ("we", "us", "our") collects, uses, and protects your information when you use our service. We've tried to keep this in plain English; if anything is unclear, write to us at privacy@vibetight.com.

Who we are

Vibetight
Established in the Netherlands
Chamber of Commerce / KvK number: 76903044
VAT / BTW number: NL003143174B05
Contact: privacy@vibetight.com

What we collect

Account data. Your email address, name, and authentication identifiers from your Google account (we use Google OAuth for sign-in). We store no password.

Workspace data. Tenants, projects, agents, and tasks you create. Comments you post. Permission decisions you make.

Device metadata. When you pair a device, we store its installation ID, OS, and architecture. The device's authentication token is hashed; we cannot recover the original.

Agent event metadata. When an agent runs a task, we record the lifecycle: which agent ran it, on which device, when it started, when it finished, what chat messages it produced, what tool calls it requested, and which permission decisions you made. We do not store the contents of files in your repository.

Billing data. If you subscribe to a paid plan, we issue invoices via Moneybird (our accounting and invoicing provider). Card details, if you pay by card, are handled by the underlying payment processor and we do not store them. We do retain invoice history and the contact details associated with your subscription.

What we don't collect

  • The source code in your repositories. Agents run on your device or your headless worker; we receive event streams, not file contents.
  • Your coding agent's authentication credentials. Those live in your OS keyring or your device's sealed config; we receive only an opaque device identifier.
  • Cross-site behavioural advertising data. We don't sell, share, or trade your personal information.

How we use it

  • To run the product: showing your tasks, routing events to your devices, enforcing your permission decisions.
  • To bill you for the plan you chose.
  • To improve the service: aggregated, de-identified usage patterns help us spot bugs and prioritize features. We do not train models on your data.
  • To contact you about service-impacting events (outages, security incidents, deprecations) and, if you've opted in, product updates.

Who we share it with

  • Our hosting and infrastructure providers (e.g. our cloud host, our email sender), strictly to operate the service. They are contractually bound to confidentiality.
  • Moneybird, for invoicing and accounting (and, where applicable, the underlying payment processor for card transactions).
  • Law enforcement, only when we are legally compelled to do so and only to the extent required.

We do not sell your data. Ever.

Where it lives

Vibetight's primary data store is operated in the European Union. Service providers we use may operate elsewhere; we choose providers with appropriate data-protection commitments (Standard Contractual Clauses or equivalent adequacy decisions where applicable).

Your rights

If you are in the EU, UK, or another jurisdiction with comprehensive privacy legislation, you have rights to access, rectify, port, and erase your personal data. See the GDPR statement for the specific mechanisms.

Data retention

  • Account and workspace data: retained while your account is active. Within 30 days of account deletion, we purge it from operational stores. Encrypted backups may retain a copy for up to 90 days.
  • Audit logs: retained for 12 months; we keep them this long for security forensics and regulatory inquiries.
  • Billing records: retained per applicable tax law (typically 7 years).

Cookies

We use cookies for two purposes: an HTTP-only session cookie to keep you signed in, and a small set of strictly necessary cookies to remember your last-selected tenant and project. We do not use third-party advertising cookies or cross-site trackers.

Security

See the Security page for an overview of our practices.

Changes

We may update this policy. Material changes are announced in-product at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

Privacy questions, data-subject requests, or anything else: privacy@vibetight.com.