← back to vibecheckPrivacy Policy
Effective Date: May 7, 2026 · Last Updated: May 7, 2026
1. Introduction and Scope
VibeCheck (“we,” “us,” or “our”) is a social polling and personality-reveal mobile application operated globally by Motus Labs, LLC, a Delaware limited liability company. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information about individuals who use the VibeCheck mobile application (the “App”), the web-based voting page, and any related services (collectively, the “Services”), regardless of the country from which they access the Services.
This Privacy Policy applies to:
- Registered users who create an account on the App (“Account Holders”).
- Individuals who access a shared VibeLink and cast a vote through the web-based voting page without creating an account (“Voters”).
- Parents or legal guardians who interact with the Services on behalf of a minor.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Services immediately.
This Policy is designed to comply with applicable privacy laws in multiple jurisdictions, including but not limited to:
- The European Union General Data Protection Regulation (EU GDPR) and its national implementations.
- The United Kingdom General Data Protection Regulation and the UK Data Protection Act 2018.
- The United States Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable U.S. state privacy laws.
- The Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and the Washington State Biometric Privacy Act.
- Brazil’s Lei Geral de Proteção de Dados (LGPD) and the Estatuto da Criança e do Adolescente Digital (ECA Digital).
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
- Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs).
- Argentina’s Ley 25.326 on Personal Data Protection and Decreto 1558/2001.
- The Republic of Korea’s Personal Information Protection Act (PIPA).
- India’s Digital Personal Data Protection Act, 2023 (DPDP Act).
- Other applicable national and regional privacy laws where we operate or process personal data.
2. Data Controller and Contact Information
The data controller responsible for your personal information is:
Motus Labs, LLC
5798 SW 68th St
Miami, FL 33143
United States
A Delaware limited liability company operating under the VibeCheck brand.
For all privacy-related inquiries, requests, and complaints:
We will respond to all requests within the timeframes required by applicable law, and in any event within 30 calendar days of receipt unless a longer period is permitted by law.
3. Age Requirements and Children's Privacy
3.1 Minimum Age
The Services are intended for users who are 13 years of age or older, except in jurisdictions where a higher minimum age applies under applicable law. By creating an account or using the Services, you represent and warrant that you meet the applicable minimum age requirement.
3.2 Age Verification and Verifiable Parental Consent
We employ a neutral age-gate during onboarding that does not encourage misrepresentation of age. Where applicable law requires verifiable parental consent for users below a certain age, we obtain such consent through one or more of the following mechanisms before processing the personal data of those users:
- Verified parental email confirmation with a follow-up consent step.
- A nominal credit or debit card transaction by the parent or legal guardian solely to confirm adult identity (the transaction may be voided or refunded).
- Government-issued identification verification of the parent or legal guardian.
- Knowledge-based authentication of the parent or legal guardian.
- Use of a qualified third-party identity-verification provider (such as PRIVO, Veratad, SuperAwesome KWS, or equivalent).
If we cannot verify parental consent through any of these mechanisms, we will not permit account creation or further processing of the minor’s personal data.
3.3 Users Between 13 and 17 Years of Age
For users we identify as minors under 18 (or below the age of digital consent in their jurisdiction), we apply the following heightened protections by default:
- We do not serve behavioral or interest-based advertising to users under 18.
- We do not sell, rent, or share personal data of users under 18 with third parties for advertising or marketing purposes.
- We do not enable direct contact between adult users and minors within the App.
- We apply the most privacy-protective default settings.
- Vibe Portrait and other features involving facial-image processing are disabled by default for users under 18 and are enabled only with verifiable parental consent.
- Profile-photo upload is optional, and any uploaded photo is processed only with the heightened protections described in Section 4.4.
3.4 United States — Children Under 13 (COPPA)
We do not knowingly collect personal information from children under 13 years of age. We use a neutral age-gate at sign-up. If we obtain actual knowledge that a user is under 13, we will:
- Immediately suspend the account.
- Delete all personal information associated with that user within 30 calendar days.
- Refuse any further collection.
If you are a parent or guardian and believe that your child under 13 has created an account without your consent, please contact us immediately at privacy@vibecheck.app.
3.5 European Economic Area and United Kingdom
For users in the EEA and UK, the age of digital consent varies by country:
- United Kingdom: 13
- Spain: 14
- France: 15
- Germany: 16
- Other EEA countries: as determined by the applicable national law (typically 13–16).
Where required by applicable national law, we will seek verifiable parental consent before processing personal data from users below the applicable age of digital consent. For all users under 18 in the EEA and UK, we apply the heightened protections set out in Section 3.3.
3.6 Brazil (LGPD and ECA Digital)
Under Brazil’s LGPD and the Estatuto da Criança e do Adolescente Digital (in force as of March 2026), special protections apply to the personal data of children and adolescents:
- Children under 12: processing requires the specific and prominent consent of at least one parent or legal guardian.
- Adolescents 12–18: processing must be carried out in their best interest, with appropriate transparency and parental involvement.
- We apply pseudonymous architecture for users identified as minors in Brazil, in line with ECA Digital requirements.
3.7 Australia
Under Australia’s Privacy Act 1988 and the forthcoming Children’s Online Privacy Code, we apply age-appropriate protections and privacy-by-default settings for users we identify as minors. We do not collect information from Australian users under 13 without verifiable parental consent.
3.8 India (DPDP Act)
Under India’s Digital Personal Data Protection Act, 2023, any user under 18 is considered a child. For Indian users:
- Processing of a child’s personal data requires verifiable parental consent.
- We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children.
- Parents or legal guardians may exercise data rights on behalf of their children.
3.9 Republic of Korea
Under PIPA, the minimum age for digital consent is 14. For users under 14 in the Republic of Korea, we obtain verifiable parental consent prior to data collection.
4. Personal Information We Collect
4.1 Information Provided Directly by Account Holders
- Display name or nickname.
- Username (used to generate your unique VibeLink URL).
- Age or date of birth (used for age verification, content personalization, and compliance).
- Gender (optional; used for content personalization).
- Profile photo (optional; used for display in the App and, only with separate explicit consent, for Vibe Portrait generation as described in Section 4.4).
- Authentication credentials (managed by Supabase Auth; we do not store raw passwords — only secure hashed values).
4.2 Information Collected Automatically
- Device information: device type, operating system, OS version, and device identifiers.
- App interaction data: screens visited, features used, session duration, and buttons tapped.
- Response timing data: time elapsed before submitting a vote or interacting with a prompt.
- Answer-change data: whether a user changed their selected answer before submitting.
- Network information: IP address, used for fraud detection and security purposes.
- Push notification tokens (if enabled).
- Crash and diagnostic data, used to detect and fix bugs.
4.3 Information Collected from Voters (Without Account)
When you vote through the web-based voting page without creating an account, we collect:
- The vote submitted (the option you selected).
- Approximate device type (mobile or desktop browser).
- Response timing data.
- Answer-change data.
- IP address (used for fraud detection and security only).
We do not collect your name, email address, phone number, social media profile, precise location, or any other directly identifying information at the time of voting. Your vote is stored without your name attached.
We use the term “voting without an account” rather than “anonymous voting” to be transparent: under several privacy laws, including the GDPR, an IP address is considered personal data, even when not associated with a name. We are committed to keeping your name and identity unattached to your vote, but we want to be honest about what we collect.
Retroactive Vote Linking. If you previously voted without an account and subsequently create a VibeCheck account on the same device or network, your prior votes may be retroactively linked to your account through technical identifiers. By creating an account, you provide specific consent to this linking. Once linked, the data described in Section 4.4 of our Terms of Service may become visible to the recipient Account Holder if they subscribe to the No Filter tier. You may request unlinking at any time by contacting privacy@vibecheck.app.
4.4 Facial Image Processing for Vibe Portrait
The Vibe Portrait feature, available exclusively to No Filter subscribers, uses artificial intelligence to generate a stylized, transformed image based on your profile photo and accumulated vibe results. Because this feature involves the processing of facial images, it is subject to heightened protections.
Specific consent. Vibe Portrait is disabled by default. Before generating your first Vibe Portrait, we will request your separate, specific, informed, and freely given consent through a dedicated consent screen within the App. This consent is distinct from your acceptance of our Terms of Service or this Privacy Policy.
Users under 18. Vibe Portrait is disabled for users under 18 unless we have obtained verifiable parental consent through one of the mechanisms described in Section 3.2. This applies regardless of subscription status.
What we process. When you enable Vibe Portrait:
- Your profile photo is transmitted to Google’s image-generation service (Gemini / Nano Banana Pro) for the purpose of generating the Vibe Portrait.
- A textual scene description, generated by the Anthropic Claude API based on your accumulated vibes (no facial data), is transmitted to the same service to guide the image generation.
- The generated portrait is stored in your account and may be retained until you delete it or your account.
What we do not process or retain.
- We do not retain a permanent biometric template, facial-recognition vector, or any other identifier derived from the geometry of your face.
- We do not use your face for identification, authentication, surveillance, or matching against any database.
- We do not allow our AI providers to use your face for training their models, for advertising, or for any purpose other than generating the requested portrait. This is contractually prohibited.
Withdrawal of consent. You may withdraw consent and delete all generated portraits at any time through the App settings. We will cease facial-image processing immediately upon withdrawal. Your underlying profile photo can be deleted separately.
Jurisdiction-specific protections.
- Illinois (BIPA): if you are an Illinois resident, we treat the processing described above with the protections of the Illinois Biometric Information Privacy Act, including specific written consent and data-retention policies. Your profile photo and any associated processing artifacts will be permanently destroyed within three years of your last interaction with the Services or upon withdrawal of consent, whichever is sooner.
- Texas (CUBI): if you are a Texas resident, we comply with the Texas Capture or Use of Biometric Identifier Act, including informed consent and reasonable retention periods.
- Washington State: if you are a Washington resident, we comply with the Washington State Biometric Privacy Act.
- European Union (GDPR Art. 9): facial images processed for Vibe Portrait may constitute special category data under Article 9 of the GDPR. Your separate explicit consent is the legal basis for this processing.
- Brazil (LGPD): facial images may be considered “dado pessoal sensível” under LGPD; specific consent is the legal basis.
4.5 Information We Do Not Collect
- Precise geolocation data.
- Device contacts or address book data.
- Financial or payment card information (billing is managed by Apple or Google; we do not see card numbers).
- Health or medical information.
- Government-issued identification numbers (except where required to verify parental consent under Section 3.2; in such cases, IDs are reviewed by our identity-verification provider and not retained by us).
- Any sensitive personal data not expressly described in this Policy and not affirmatively consented to.
5. How We Use Your Personal Information
5.1 To Provide and Operate the Services
- Create and manage your user account.
- Generate your unique VibeLink.
- Display daily prompts and process votes.
- Generate vibe results based on aggregated voting patterns.
- Generate Vibe Portraits for No Filter subscribers who have provided separate consent (and verifiable parental consent where applicable).
- Enable the creation and sharing of vibe result cards on social media.
5.2 To Power the No Filter Subscription
No Filter subscribers receive additional context about votes received from registered users. This context includes the first letter of the voter’s display name, response timing, answer-change data, and voting frequency. The full name, username, profile photo, or contact information of voters is never revealed.
5.3 To Generate Vibe Portraits (No Filter Only, with Consent)
We process your profile photo solely to generate your Vibe Portrait, as described in Section 4.4, and only after we obtain your separate consent (and verifiable parental consent for minors). We do not use your photo for any other purpose, including identification, advertising, or product training.
5.4 To Communicate with You
- Send push notifications regarding new votes, vibe results, and in-app activity (only if enabled).
- Respond to feedback, support requests, or legal inquiries.
- Send marketing communications only with your separate opt-in consent, where required by law.
5.5 For Safety, Security, and Fraud Prevention
- Detect and prevent fraudulent or automated voting.
- Enforce our Terms of Service.
- Protect the rights, property, and safety of our users and of VibeCheck.
- Comply with applicable legal obligations.
5.6 To Improve the Services
- Analyze aggregate, de-identified usage trends.
- Conduct internal research and product development.
- Diagnose and fix bugs and crashes.
6. Artificial Intelligence Service Providers
VibeCheck uses third-party AI service providers to generate certain features. We are transparent about who these providers are and what data is shared with them.
6.1 Anthropic (Claude API)
We use the Anthropic Claude API to:
- Generate textual content for vibe results.
- Generate the textual scene description used as input to the Vibe Portrait image-generation step.
Data sent to Anthropic: Aggregated voting data without identifying information, accumulated vibe history. No facial images are sent to Anthropic.
Cross-border transfer: Anthropic processes data in the United States.
Anthropic’s privacy practices: https://www.anthropic.com/legal/privacy
Contractual safeguards: Anthropic is contractually prohibited from using data sent to its API for training its models or for any purpose other than fulfilling the API request.
6.2 Google (Gemini and Nano Banana Pro)
We use Google’s image-generation services to:
- Generate Vibe Portraits from a user’s profile photo, only after the user has provided separate consent (and verifiable parental consent for minors).
Data sent to Google: Profile photo of the user (Vibe Portrait only), textual scene description (generated by Anthropic).
Cross-border transfer: Google processes data in the United States and other regions where it operates.
Google’s privacy practices: https://policies.google.com/privacy
Contractual safeguards: Google is contractually prohibited from using profile photos transmitted via the API for training its models or for any purpose other than generating the requested image.
6.3 Cross-Border Transfer Safeguards
Transfers of personal data to AI providers in the United States are subject to:
- Standard Contractual Clauses (SCCs) for transfers from the EEA and UK.
- LGPD Article 33 international transfer requirements for transfers from Brazil.
- Argentina Decreto 1558/2001 Article 12 cross-border transfer requirements.
- Equivalent safeguards for other jurisdictions.
A copy of the applicable safeguards is available upon request at privacy@vibecheck.app.
7. Legal Bases for Processing
7.1 European Economic Area and United Kingdom (GDPR)
We rely on the following legal bases:
- Performance of a contract (Article 6(1)(b)): processing necessary to provide the Services.
- Legitimate interests (Article 6(1)(f)): fraud prevention, security, service improvement, and analytics. We balance our interests against your rights.
- Consent (Article 6(1)(a)): push notifications, profile photo upload, marketing communications.
- Explicit consent for special category data (Article 9(2)(a)): facial-image processing for Vibe Portrait.
- Legal obligation (Article 6(1)(c)): processing required by applicable law.
You may withdraw consent-based processing at any time. Withdrawal does not affect the lawfulness of prior processing.
7.2 Brazil (LGPD)
We rely on consent (Article 7(I), Article 11(I) for sensitive data), performance of a contract (Article 7(V)), legitimate interests (Article 7(IX)), legal obligation (Article 7(II)), and best interest of the child (Article 14) where applicable.
7.3 Canada (PIPEDA)
We collect, use, and disclose personal information only with knowledge and consent, and only for purposes that a reasonable person would consider appropriate.
7.4 Argentina (Law 25,326)
We process only data that is adequate, relevant, and not excessive. Consent is obtained prior to collection except where processing is authorized by law or required for contract performance.
7.5 India (DPDP Act)
We rely on the consent of the individual (or, for users under 18, verifiable parental consent) and on legitimate uses as defined under the DPDP Act.
7.6 California (CCPA/CPRA) and Other U.S. State Laws
We do not sell or share personal information for cross-context behavioral advertising. We process personal information only for the purposes described in this Policy.
8. How We Share Your Information
8.1 We Do Not Sell or Share Your Personal Data
We do not sell, rent, or trade your personal information to third parties for their own marketing, advertising, or commercial purposes. This applies globally, including for purposes of the CCPA/CPRA definitions of “sale” and “sharing.”
8.2 Service Providers (Data Processors)
We share personal data with the following categories of service providers, each of which is bound by data-processing agreements that limit their use of personal data to providing the contracted service:
- Supabase, Inc. — database hosting, authentication, and backend infrastructure.
- Expo / Expo Application Services — mobile application infrastructure and over-the-air updates.
- RevenueCat, Inc. — subscription management and billing verification.
- Vercel, Inc. — hosting of the web-based voting page.
- Apple Inc. — iOS distribution, Apple Push Notification Service, In-App Purchase processing.
- Google LLC — Android distribution, Firebase Cloud Messaging, In-App Purchase processing, Vibe Portrait image generation (Gemini / Nano Banana Pro).
- Anthropic PBC — AI text generation (Claude API).
- Crash and diagnostic services — for detecting and fixing bugs (such as Sentry, where applicable).
- Identity-verification providers — for verifying parental consent where required.
- Email and customer support providers — for transactional communications and support tickets.
A current list of service providers, including any updates, is available at privacy@vibecheck.app upon request.
8.3 Legal Requirements and Safety
We may disclose personal data if required by applicable law, regulation, court order, or to protect the rights, property, or safety of VibeCheck, our users, or the public. Where legally permitted, we will notify the affected individual.
8.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is subject to a different privacy policy.
8.5 Aggregate and De-identified Data
We may share aggregate, de-identified, and anonymized data that cannot reasonably be used to identify any individual.
9. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence, including the United States.
- For transfers from the EEA and UK, we rely on Standard Contractual Clauses (SCCs) and, where applicable, additional safeguards as required following Schrems II.
- For transfers from Brazil, we comply with Article 33 of the LGPD.
- For transfers from Argentina, we comply with Article 12 of Decreto 1558/2001 and apply contractual safeguards equivalent to Standard Contractual Clauses.
- For transfers from other jurisdictions, we apply appropriate contractual and technical safeguards.
A copy of applicable safeguards may be requested at privacy@vibecheck.app.
10. Voter Privacy and Identity Protection
Voter privacy is a core design principle of VibeCheck. Specifically:
- In the free tier, voters are never identified to the recipient by name, username, profile photo, or any other directly identifying attribute.
- No Filter subscribers receive limited contextual hints about voters (the first letter of the voter’s display name, response timing, answer-change data, and voting frequency). Full name, username, profile photo, email address, and phone number are never revealed.
- Web-based voting does not require an account and does not link the vote to a named individual at the time of voting.
- We implement technical controls to prevent unauthorized reverse-identification of voters, including by other users.
- We may disclose voter-related information to law enforcement only where required by applicable law or to prevent imminent harm.
Retroactive linking. As described in Section 4.3, if you vote without an account and subsequently create one, your prior votes may be retroactively linked to your account through technical identifiers. By creating an account, you consent to this linking. Once linked, the limited hints described above may be visible to recipients who subscribe to No Filter. You may request unlinking at any time.
11. Data Retention
We retain personal data for the following periods:
- Account data: retained for the duration of your account.
- Profile photo: retained until you delete it or your account, whichever comes first.
- Vibe results and voting data linked to active accounts: retained for the duration of the account.
- Behavioral data (response timing, answer changes): retained for up to 12 months in identifiable form, then aggregated and de-identified.
- Technical data from Voters (IP address, device type): retained in pseudonymized form for up to 90 days, then deleted or irreversibly anonymized.
- Vibe Portraits: retained until you delete them or withdraw biometric-processing consent.
- Subscription billing records: retained as required by tax, accounting, and regulatory law (typically 7–10 years).
- Account deletion: upon account deletion, personal data is deleted or irreversibly anonymized within 30 calendar days, except for data that we are legally required to retain.
- Encrypted backups: for resilience and disaster-recovery purposes, encrypted backups may persist for up to 90 days following deletion of live data, after which they are overwritten.
- Legal hold: where data is subject to a legal hold or pending dispute, retention may extend until the relevant matter is resolved.
For users in Illinois (BIPA), facial-image-related data is destroyed within three years of the user’s last interaction with the Services or upon withdrawal of consent, whichever is sooner.
12. Your Privacy Rights
12.1 Universal Rights
Regardless of jurisdiction, you may contact privacy@vibecheck.app to:
- Access your personal data.
- Correct inaccuracies.
- Request deletion of your data.
- Withdraw consent.
- Opt out of push notifications and marketing communications.
12.2 European Economic Area and United Kingdom (GDPR)
In addition to the universal rights above, you have the right to:
- Restrict processing of your personal data.
- Receive your data in a structured, machine-readable format (data portability).
- Object to processing based on legitimate interests.
- Not be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.
- Lodge a complaint with your national supervisory authority.
We respond to GDPR rights requests within one calendar month, extendable by two additional months for complex requests.
12.3 Brazil (LGPD)
You have rights of confirmation of processing, access, correction, anonymization or deletion of unnecessary data, portability, deletion of consent-based data, information about data sharing, revocation of consent, and complaint to the Autoridade Nacional de Proteção de Dados (ANPD).
12.4 California (CCPA/CPRA)
California residents have the right to:
- Know: request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share information.
- Delete: request deletion of personal information we have collected.
- Correct: request correction of inaccurate personal information.
- Opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising; this right is preserved nonetheless.
- Limit use of sensitive personal information: including any biometric information processed for Vibe Portrait.
- Non-discrimination: we will not discriminate against you for exercising these rights.
You may exercise these rights by contacting privacy@vibecheck.app. We respond within 45 days, extendable by an additional 45 days when reasonably necessary.
You may designate an authorized agent to make a request on your behalf. We may require verification of the agent’s authority and your identity.
12.5 Other U.S. States
Residents of other U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) have rights similar to those described in Section 12.4. Contact privacy@vibecheck.app to exercise these rights.
12.6 Canada (PIPEDA)
You have the right to access and challenge the accuracy of your personal information. We respond within 30 days.
12.7 Australia
You have the right to access and correct personal information, and to opt out of direct marketing. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12.8 Argentina (Law 25,326)
You have rights of access, rectification, update, and deletion. Complaints may be directed to the Agencia de Acceso a la Información Pública (AAIP) at argentina.gob.ar/aaip.
EL TITULAR DE LOS DATOS PERSONALES TIENE LA FACULTAD DE EJERCER EL DERECHO DE ACCESO A LOS MISMOS EN FORMA GRATUITA A INTERVALOS NO INFERIORES A SEIS MESES, SALVO QUE SE ACREDITE UN INTERÉS LEGÍTIMO AL EFECTO CONFORME LO ESTABLECIDO EN EL ARTÍCULO 14, INCISO 3 DE LA LEY Nº 25.326.
LA AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA, EN SU CARÁCTER DE ÓRGANO DE CONTROL DE LA LEY Nº 25.326, TIENE LA ATRIBUCIÓN DE ATENDER LAS DENUNCIAS Y RECLAMOS QUE INTERPONGAN QUIENES RESULTEN AFECTADOS EN SUS DERECHOS POR INCUMPLIMIENTO DE LAS NORMAS VIGENTES EN MATERIA DE PROTECCIÓN DE DATOS PERSONALES.
12.9 India (DPDP Act)
Indian users have rights of access, correction, completion, updating, erasure, and grievance redressal. For grievances, contact our designated officer at privacy@vibecheck.app, or escalate to the Data Protection Board of India.
12.10 Republic of Korea (PIPA)
Korean users have rights to access, correction, deletion, and suspension of processing. Complaints may be directed to the Personal Information Protection Commission (PIPC).
12.11 Identity Verification
To protect your privacy, we may need to verify your identity before responding to a rights request. We may ask for information sufficient to confirm that you are the data subject (or an authorized representative). If we cannot verify your identity, we may decline the request and inform you of the reason.
12.12 Parental Rights
If you are the parent or legal guardian of a user under 18 (or under the age of digital consent in your jurisdiction), you may exercise data rights on behalf of your child, including the right to access, correct, delete, and withdraw consent for processing. Contact privacy@vibecheck.app.
13. Security
We implement commercially reasonable technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS 1.2 or higher) for all data sent between your device and our servers and to AI providers.
- Encryption at rest for sensitive data, including authentication credentials and profile photos.
- Secure password hashing using industry-standard algorithms.
- Access controls limiting employee and contractor access to personal data on a need-to-know basis.
- Logging and monitoring for unauthorized access attempts.
- Regular security testing including vulnerability assessments.
- Vendor security review of all third-party processors.
- Employee training on privacy and security obligations.
No method of transmission or storage is completely secure. In the event of a personal data breach, we will notify affected individuals and regulators within the timeframes required by applicable law (including within 72 hours under GDPR and LGPD).
14. Cookies, Tracking, and Mobile Identifiers
14.1 Mobile Application
The VibeCheck mobile application does not use browser cookies. It does not engage in cross-app or cross-site behavioral tracking for advertising purposes.
14.2 Apple App Tracking Transparency
In compliance with Apple’s App Tracking Transparency framework, VibeCheck does not request permission to track you across other companies’ apps and websites because we do not engage in such tracking.
14.3 Web-Based Voting Page
The web-based voting page may use limited session-based storage (such as cookies or localStorage tokens) solely for vote-session integrity, duplicate-vote prevention, and security. These are essential cookies that do not require consent under most cookie laws but, where consent is required (such as in the EEA), we will request it.
14.4 Software Development Kits (SDKs) and Third-Party Data Collection
The App integrates the following SDKs, each of which may collect limited data as necessary for its function:
- Supabase SDK: authentication tokens, database queries.
- Expo SDK: app version, OTA update metadata, anonymous device identifiers.
- RevenueCat SDK: subscription state, anonymous user identifiers, App Store / Google Play receipt data.
- Apple / Google push notification SDKs: push tokens (only if push notifications enabled).
- Crash and diagnostic SDKs (where applicable): crash reports, device model, OS version, app version. No personally identifying content is included.
We do not use advertising SDKs, identity-resolution SDKs, or behavioral tracking SDKs.
15. Third-Party Links and Social Media
The App facilitates sharing to third-party platforms (Instagram, TikTok, X, and others). Once you share content to these platforms, your information is subject to those platforms’ privacy policies, not ours. We are not responsible for the data practices of third-party platforms.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through:
- A prominent notice within the App.
- A push notification (if enabled).
- An updated “Last Updated” date at the top of this Policy.
Where required by applicable law, we will seek your renewed consent before applying material changes to existing data processing.
17. Jurisdiction-Specific Information
- European Economic Area: see Section 18 for our EU representative.
- United Kingdom: the supervisory authority is the Information Commissioner’s Office (ICO) at ico.org.uk.
- Brazil: the supervisory authority is the Autoridade Nacional de Proteção de Dados (ANPD).
- Canada: complaints may be directed to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
- Australia: complaints may be directed to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
- Argentina: complaints may be directed to the Agencia de Acceso a la Información Pública (AAIP) at argentina.gob.ar/aaip.
- India: complaints may be directed to the Data Protection Board of India.
- Republic of Korea: complaints may be directed to the Personal Information Protection Commission (PIPC).
18. EU Representative
Pursuant to Article 27 of the GDPR, we are in the process of designating a representative in the European Union. Until that designation is complete, EEA users may direct any GDPR-related inquiries or complaints to privacy@vibecheck.app, and we will route them to our EU representative once appointed.
19. Data Protection Officer
Where required by applicable law (including under LGPD Article 41 for Brazilian operations and the DPDP Act for Significant Data Fiduciaries in India), we designate a Data Protection Officer.
Until a dedicated DPO contact is published, all DPO inquiries — including from Brazilian users — may be addressed to privacy@vibecheck.app, which is monitored by the privacy team responsible for these obligations.
For other jurisdictions where a DPO is not required, you may contact privacy@vibecheck.app for any privacy-related inquiry.
20. Language Versions
This Privacy Policy is published in English. We may make translated versions available, including in Spanish (Argentine variant), for the convenience of our users. In the event of any inconsistency between the English version and a translated version, the English version controls, except where mandatory law in your jurisdiction requires otherwise (including, without limitation, where Argentine consumer-protection law requires that consumer-facing notices be provided in Spanish).
21. Contact Us
Motus Labs, LLC
5798 SW 68th St
Miami, FL 33143
United States
This Privacy Policy was last reviewed and updated on May 7, 2026.