1. Introduction
This Privacy Policy describes how Vibeconfig (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website (vibeconfig.dev) and purchase our products. We are committed to protecting your privacy in compliance with the Swiss Federal Act on Data Protection (FADP/nDSG) and the EU General Data Protection Regulation (GDPR).
3. Data We Collect
We collect minimal data necessary to process your purchase:
- Email address — Provided during Stripe checkout, used for purchase confirmation and download link delivery
- Payment information — Processed entirely by Stripe. We never see, store, or have access to your credit card number, CVV, or full card details
- Stripe customer ID and session ID — Used to link your payment to your download token
- Download token usage — We track whether a download token has been used and when it expires
4. What We Do NOT Collect
- We do not use cookies for tracking or advertising
- We do not use analytics trackers (Google Analytics, Facebook Pixel, etc.)
- We do not collect your name, address, phone number, or any demographic data
- We do not track your behavior on the website
- We do not sell, share, or transfer your data to any third party for marketing purposes
- We do not create user accounts or profiles
5. How We Use Your Data
- Process your purchase — Create a record of your transaction
- Deliver the product — Generate a unique download link and send it to your email
- Provide support — Respond if you contact us about your purchase
- Legal obligations — Maintain transaction records as required by Swiss law
Legal basis for processing (GDPR Art. 6): Performance of a contract (purchase fulfillment) and legitimate interest (fraud prevention, legal compliance).
6. Third-Party Services
We use the following services:
- Stripe — Payment processing. Stripe processes your payment data under their own privacy policy. We only receive your email and transaction identifiers. Stripe Privacy Policy
- Supabase — Database hosting for purchase records and download tokens. Hosted in the EU. Supabase Privacy Policy
- Vercel — Website hosting. Standard server logs (IP address, user agent) are processed but not stored long-term. Vercel Privacy Policy
7. Data Retention
- Purchase records are retained for the legally required period (10 years under Swiss commercial law)
- Download tokens expire after 7 days and are automatically invalidated
- You may request deletion of your email from our records at any time (subject to legal retention requirements)
8. Your Rights
Under GDPR and Swiss data protection law, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data (subject to legal retention requirements)
- Portability — Receive your data in a structured, machine-readable format
- Restriction of processing — Request restriction of processing of your data (GDPR Art. 18)
- Objection — Object to processing of your data
- Complaint — Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority
We do not engage in automated decision-making or profiling as defined in GDPR Article 22.
To exercise these rights, contact privacy@vibeconfig.dev
9. Data Security
We implement appropriate technical and organizational measures to protect your data: encrypted connections (HTTPS/TLS), secure database access with Row Level Security, environment variables for sensitive configuration, and minimal data collection by design.
10. International Transfers
Your data may be processed by our service providers in the United States (Stripe, Vercel). These transfers are safeguarded by Standard Contractual Clauses (SCCs) and the providers' compliance with applicable data protection frameworks.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.