Vibetight
Open app
Legal

GDPR statement

Your rights under the General Data Protection Regulation, and how to exercise them.

Last updated 2026-05-19

This statement summarises Vibetight's compliance with the EU General Data Protection Regulation (GDPR) and explains the mechanisms by which you can exercise your rights. It complements (and does not replace) our Privacy Policy.

Data controller

The data controller for personal data processed through the Service is:

Vibetight
Established in the Netherlands
Chamber of Commerce / KvK number: 76903044
VAT / BTW number: NL003143174B05
Contact: privacy@vibetight.com

Lawful bases

We process your personal data on the following lawful bases:

  • Contract performance: to provide the Service you've signed up for.
  • Legal obligation: for tax records, regulatory inquiries, and similar.
  • Legitimate interest: for security monitoring, fraud prevention, and product improvement (aggregated, de-identified usage analysis).
  • Consent: for optional product-update emails. Withdraw consent at any time from your account settings.

Your rights

Under GDPR you have the right to:

  • Access your personal data: request a copy of what we hold.
  • Rectify inaccurate data: correct anything that's wrong.
  • Erase your data: "the right to be forgotten", subject to legal retention requirements.
  • Restrict processing: pause specific uses while we resolve a dispute.
  • Port your data: receive it in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent where consent is the basis.
  • Not be subject to automated decisions that have legal or significant effects on you (we don't make such decisions).

How to exercise them

  • Most rights can be exercised directly in the product via Settings → Profile (data export, account deletion).
  • For anything else, email privacy@vibetight.com with your request. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

Data export

You can export your workspace data (tasks, comments, agent event logs, audit trail) from Settings → Profile via Download my data. The export is delivered as a downloadable archive (JSON + structured directories for chat history).

Data deletion

You can delete your account from the danger zone in Settings → Profile. Operational data is purged within 30 days. Encrypted backups may retain a copy for up to 90 days. Audit logs and billing records are retained per the schedule in the Privacy Policy.

International transfers

When personal data is transferred outside the EU/EEA (for example, to a service provider operating in the US) we rely on Standard Contractual Clauses approved by the European Commission, or on an adequacy decision where one is in force. We do not transfer personal data to countries without an appropriate legal basis.

Sub-processors

We use a small number of sub-processors to operate the Service (cloud hosting, payment processing, email delivery). A current list is available on request from privacy@vibetight.com. We will notify customers in advance of material changes to the sub-processor list.

Data breach notification

In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, in accordance with Articles 33 and 34 GDPR.

Supervisory authority

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the supervisory authority in your country of residence. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

Contact

Data Protection Officer: privacy@vibetight.com