Privacy Policy

Your Data,
Your Decisions.

We built Vibors privacy-first because there's no other ethical way to build a behavior-based product. This page tells you exactly how it works — in plain language, not lawyer-speak.

Effective: April 1, 2026 Last updated: April 1, 2026 Version: 1.0

Plain-language summary

If you read nothing else on this page, read this:

  • We don't sell your data. Ever.
  • We don't track your GPS. Vibors only knows where you've been when a verified venue beacon detects you at the door.
  • Brands never see you individually. They see aggregated, anonymized signals.
  • You can delete everything in one tap. Settings → Delete account. No retention beyond legal minimums.
  • Your tier and score are private. Even your friends don't see them unless you choose to share.

What we collect

1. Account information

Your name (or chosen handle), phone number or email for verification, and optional profile photo. Required to keep accounts unique and recoverable.

2. Verified check-ins

When you enter a partner venue, the venue beacon broadcasts a short identifier. Your phone records: which beacon, what time, how long you stayed. Nothing else from that interaction.

3. Device metadata

Hashed device identifier, app version, OS version, language. Used only for session integrity and bug diagnostics. Never linked to advertising IDs.

4. Derived signals

From check-ins, we compute your score, tier, and aggregate signals (venue diversity, category mix, social overlap with your circle). These live on your account.

5. What we explicitly do not collect

  • Continuous GPS or location history
  • Contacts list
  • Photos, microphone, camera unless you actively use them
  • Browsing history outside the Vibors app
  • Payment or transaction details (we don't take payments from users)

Why we collect it

We collect only what's necessary to deliver the four functions of Vibors:

  • Verify presence — so check-ins can't be faked or gamed.
  • Compute your tier — so the perks you unlock are earned.
  • Recommend venues — so the Map reflects places people like you actually go.
  • Connect you to circles — so social features can find genuine overlap.

Everything else (analytics, advertising, model training on user data) — we don't do.

Who we share it with

Partner venues

Venues see aggregate signals only — tier mix of guests tonight, vibe match with their profile, repeat-rate trends. They never see individual user identities, contact info, or visit histories.

Service providers

We use trusted infrastructure partners (cloud hosting, push notification delivery, email/SMS verification) bound by data processing agreements. They process data on our behalf and cannot use it for their own purposes.

Legal compliance

We may disclose specific account data if compelled by valid legal process in jurisdictions where we operate. We resist overbroad requests and notify users when legally permitted.

What we never share

Marketers, advertisers, data brokers, social platforms, or any third party seeking to build profiles. Not now. Not later.

Your rights

Regardless of jurisdiction, every Vibors user has these rights:

  • Access — request a copy of all data we hold on you. Delivered within 30 days.
  • Correction — fix any inaccurate profile information from settings.
  • Deletion — wipe your account and all linked data with one tap.
  • Portability — export your check-in history and score timeline as JSON.
  • Object — opt out of any optional analytics or non-essential processing.
  • Complain — to us first, then to your local data protection authority.

Security & storage

Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3. Account secrets are hashed with industry-standard algorithms and never stored in plain form. Access to production systems requires hardware security keys and is logged.

Primary data stores are region-resident: UAE for our launch market, with additional regions added as we expand. We do not transfer personal data across borders without legal safeguards.

Cookies & tracking

The Vibors website uses minimal cookies — strictly for session, language preference, and basic anonymous traffic measurement. We do not use third-party advertising cookies. You can clear cookies in your browser without affecting your app account.

Children

Vibors is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has registered, contact us at privacy@vibors.app and we'll delete the account.

Changes to this policy

We update this policy when we change how data is handled. Material changes get notified in-app and by email at least 30 days before they take effect. The version number and effective date at the top of this page reflect the current policy.

Contact

For privacy questions, requests, or complaints:

We aim to respond to all privacy requests within 5 business days, and resolve them within 30.