Privacy Policy

Last Updated: January 7, 2025

✓ GDPR Compliant ✓ POPIA Compliant ✓ No Data Sharing

1. Introduction

Welcome to VibeCam. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our photo collection service.

Our Core Commitment: VibeCam never shares, sells, or distributes your personal data or photos to third parties. Your privacy is our top priority.

VibeCam operates in full compliance with the General Data Protection Regulation (GDPR) of the European Union and the Protection of Personal Information Act (POPIA) of South Africa. We respect your rights as a data subject and are dedicated to maintaining the highest standards of data protection.

2. Information We Collect

2.1 Account Information

When you create a VibeCam account, we collect:

  • Email address: Provided through Google Sign-In for authentication purposes
  • Name: Your display name from your Google account
  • Profile picture: Your Google profile photo (optional)
  • User ID: A unique identifier assigned to your account

2.2 VibeCam Data

When you use VibeCam services, we collect:

  • VibeCam names: The names you assign to your photo collection events
  • Creation dates: Timestamps of when VibeCams are created
  • Photo metadata: Upload timestamps, file sizes, and technical information about uploaded photos
  • QR code data: Unique identifiers for your VibeCam QR codes

2.3 Photos and Media

Photos uploaded to VibeCam are stored securely in our cloud infrastructure. We do not analyze, scan, or process the content of your photos for any purpose other than display and storage. Your photos remain private and are only accessible to you and individuals who scan your VibeCam QR code.

2.4 Technical Information

We automatically collect certain technical information, including:

  • Device information: Browser type, operating system, device type
  • IP address: Your internet protocol address for security and fraud prevention
  • Usage data: Pages visited, features used, time spent on the platform
  • Cookies: Small data files stored on your device (see Section 7)

3. How We Use Your Information

3.1 Service Delivery

We use your information to:

  • Create and manage your VibeCam account
  • Enable photo upload, storage, and retrieval functionality
  • Generate unique QR codes for your events
  • Provide download and sharing capabilities
  • Process user authentication and maintain account security

3.2 Service Improvement

We analyze aggregated, anonymized usage data to:

  • Improve platform performance and user experience
  • Identify and fix technical issues
  • Develop new features based on user needs
  • Optimize our infrastructure and services

3.3 Communication

We may use your email address to:

  • Send important service notifications and updates
  • Respond to your support requests
  • Notify you of changes to our terms or policies
  • Send security alerts related to your account

Note: We do not send marketing emails or promotional content. All communications are service-related only.

3.4 Legal Compliance

We may process your information to:

  • Comply with legal obligations and regulatory requirements
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of VibeCam, our users, and the public

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored securely using Firebase, Google Cloud Platform's industry-leading infrastructure. Firebase provides:

  • Encryption at rest: All data is encrypted when stored on servers
  • Encryption in transit: Data is encrypted during transmission using TLS/SSL protocols
  • Redundancy: Multiple backup copies ensure data availability and disaster recovery
  • Geographic distribution: Data centers across multiple regions for optimal performance and reliability

4.2 Security Measures

We implement comprehensive security measures including:

  • Authentication: Secure Google Sign-In with OAuth 2.0 protocol
  • Access controls: Role-based permissions ensure only authorized users can access data
  • Firewall protection: Advanced firewall rules prevent unauthorized access
  • Regular security audits: Ongoing monitoring and testing of our security infrastructure
  • Rate limiting: Protection against automated attacks and abuse

4.3 Data Retention

We retain your data for as long as your account remains active. When you delete your account or a VibeCam:

  • Associated photos are permanently deleted from our servers
  • Account data is removed within 30 days
  • Backup copies are purged within 90 days
  • Anonymized usage statistics may be retained for analytical purposes

5. Data Sharing and Third Parties

Zero Data Sharing Policy: VibeCam does not sell, rent, trade, or share your personal information or photos with any third parties for marketing, advertising, or any other commercial purposes.

5.1 Limited Service Providers

We use the following trusted service providers solely for service delivery:

  • Google Firebase: Cloud infrastructure for data storage, authentication, and hosting
  • Google Analytics: Anonymized website analytics to improve user experience (you can opt-out using browser extensions)

These providers are bound by strict data processing agreements and are only permitted to process data on our behalf for the specific purposes outlined. They cannot use your data for their own purposes.

5.2 No Advertising or Tracking

VibeCam does not:

  • Display advertisements on our platform
  • Share data with advertising networks
  • Participate in cross-site tracking
  • Sell user data to data brokers
  • Use third-party analytics beyond Google Analytics

5.3 Legal Requirements

We may disclose your information only when legally required to:

  • Comply with valid legal processes (court orders, subpoenas)
  • Respond to government or law enforcement requests
  • Protect against fraud, security threats, or illegal activity
  • Enforce our Terms of Service

In such cases, we will notify you unless prohibited by law and will only disclose the minimum information necessary.

6. Your Rights Under GDPR and POPIA

6.1 Right to Access

You have the right to request a copy of all personal data we hold about you. This includes your account information, VibeCam data, and associated photos.

6.2 Right to Rectification

You can update or correct your personal information at any time through your account settings or by contacting us.

6.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data and account. Upon deletion:

  • All VibeCams associated with your account will be deleted
  • All uploaded photos will be permanently removed
  • Your account information will be erased from our systems
  • This action is irreversible

6.4 Right to Data Portability

You have the right to receive your data in a structured, commonly used, and machine-readable format. You can download all your photos at any time through the VibeCam interface.

6.5 Right to Restrict Processing

You can request that we limit how we use your data while we resolve any disputes or concerns you may have.

6.6 Right to Object

You have the right to object to certain types of processing, including processing for direct marketing purposes (though we don't engage in marketing).

6.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

6.8 Right to Lodge a Complaint

If you believe we have not handled your data properly, you have the right to lodge a complaint with:

  • EU/EEA residents: Your local Data Protection Authority
  • South African residents: The Information Regulator (South Africa)

6.9 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to all requests within 30 days as required by GDPR and POPIA.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services. VibeCam uses minimal cookies necessary for functionality.

7.2 Types of Cookies We Use

  • Essential cookies: Required for authentication, security, and core functionality (cannot be disabled)
  • Analytics cookies: Help us understand how users interact with VibeCam (Google Analytics)
  • Preference cookies: Remember your settings and preferences

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Clear all cookies when closing the browser
  • Opt-out of Google Analytics using their browser extension

8. Children's Privacy

VibeCam is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected], and we will delete such information promptly.

9. International Data Transfers

VibeCam operates globally using Google Cloud Platform's infrastructure. Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union.

When transferring data internationally, we ensure:

  • Compliance with GDPR's data transfer requirements
  • Use of Standard Contractual Clauses approved by the European Commission
  • Adequate data protection measures in destination countries
  • Google's compliance with Privacy Shield principles (where applicable)

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • Significant changes will be notified via email to registered users
  • We will provide a prominent notice on our website
  • Continued use of VibeCam after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Compliance and Certifications

11.1 GDPR Compliance

VibeCam is fully compliant with the General Data Protection Regulation (GDPR). We:

  • Process data lawfully, fairly, and transparently
  • Collect data only for specified, explicit, and legitimate purposes
  • Minimize data collection to what is necessary
  • Keep data accurate and up to date
  • Store data only as long as necessary
  • Implement appropriate security measures
  • Demonstrate accountability and compliance

11.2 POPIA Compliance

VibeCam complies with South Africa's Protection of Personal Information Act (POPIA). We:

  • Process information lawfully and reasonably
  • Collect information for specific, explicitly defined purposes
  • Ensure information is relevant and not excessive
  • Maintain accurate and up-to-date information
  • Protect information with appropriate safeguards
  • Respect data subject rights and participation

11.3 Industry Standards

We follow industry best practices and standards including:

  • ISO/IEC 27001 information security principles
  • OWASP security guidelines
  • Google Cloud Platform security standards
  • Regular security audits and penetration testing

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Data Protection Officer: [email protected]

We are committed to resolving any privacy concerns you may have and will respond to all inquiries within 30 days.