Legal

Privacy
Policy

Last updated: March 2026

We keep this short and honest. We only collect what we need, we don't sell your data, and we give you control over it.

1. Who We Are

VibeFix ("we", "us", "our") is operated by VibeFix Technologies and operates vibefix.co — a bounty marketplace for vibe-coded apps. For any privacy questions, contact us at hello@vibefix.co.

For purposes of India's Digital Personal Data Protection Act, 2023 (DPDP Act), VibeFix Technologies is the Data Fiduciary. You may contact us regarding any data protection concerns at hello@vibefix.co.

2. What We Collect

Account information

• ▸Name and email address (collected via Clerk authentication)
• ▸Profile photo (if you use Google OAuth)
• ▸Your chosen role (Vibe Coder or Bounty Hunter)

Bounty and submission data

• ▸Job titles, descriptions, and screenshots you upload
• ▸Developer submissions, repo links, and solution descriptions
• ▸Messages exchanged within the platform

Payment information

• ▸Transaction amounts, bounty values, and payment status
• ▸We never store your card details. All card processing is handled by Razorpay.
• ▸For developer payouts, we may collect bank account or UPI details for manual transfers

API keys

• ▸If you generate an API key, it is stored on your profile. API keys are used to authenticate requests to the VibeFix API and MCP server.
• ▸API keys are hashed for storage where possible. We log API key usage for rate limiting and abuse prevention.

Playground data

• ▸URLs submitted to the Playground are stored and displayed publicly.
• ▸Finding submissions (title, description, optional video URL) are publicly visible.
• ▸Optional submitter name and email. Your email is stored to notify you if a finding is escalated to a bounty — it is not displayed publicly.

Diagnose / scan data

• ▸URLs submitted for scanning are stored along with scan results (Lighthouse scores, detected JavaScript errors, AI-generated summaries).
• ▸Scan results are associated with the submitter's account (if authenticated) or stored anonymously.
• ▸We do not access, store, or transmit any data from the scanned site beyond what is visible on its public pages.

Usage data

• ▸Pages visited, features used, and timestamps (standard web analytics)
• ▸Browser type and rough location (country level only)

3. How We Use Your Data

• ▸To operate the marketplace — matching Vibe Coders with Bounty Hunters, processing payments, and releasing bounties
• ▸To send transactional emails (new submission alerts, payment confirmations, payout notifications, playground finding alerts via Resend)
• ▸To resolve disputes and enforce our Terms & Conditions
• ▸To improve the platform (aggregate, anonymised analytics only)
• ▸To provide diagnostic scan results and AI-generated reports
• ▸To authenticate API and MCP server requests

When you make a payment, we share your name, email, and transaction details with Razorpay (our payment processor) for payment processing, fraud prevention, and compliance with applicable laws. This is the minimum data required for the transaction.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.

4. Consent & Legal Basis

Under India's DPDP Act and applicable international data protection laws, we process your personal data based on:

• ▸Consent — When you create an account, submit content, or make a payment, you consent to the collection and processing of your data as described in this policy.
• ▸Contractual necessity — Processing required to provide you with the services you requested (payment processing, bounty matching, email notifications).
• ▸Legitimate interest — Platform security, fraud prevention, dispute resolution, and service improvement.
• ▸Legal obligation — Financial record retention as required by Indian tax and financial regulations.

You may withdraw your consent at any time by deleting your account or contacting us at hello@vibefix.co. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Third-Party Services

We use the following services to operate VibeFix:

Each service has its own privacy policy. We only share the minimum data required for them to function. We do not transfer personal data to any country that does not provide adequate data protection without appropriate safeguards.

6. Cookies & Local Storage

VibeFix uses a minimal set of cookies and browser storage:

• ▸We do not use advertising cookies or tracking pixels.
• ▸Essential cookies cannot be disabled as they are required for the platform to function.
• ▸You can manage cookies through your browser settings at any time.

7. Data Retention

• ▸Account data is retained while your account is active.
• ▸Payment and transaction records are retained for a minimum of 10 years as required by applicable financial regulations and our payment processor's terms.
• ▸Job and submission data is retained indefinitely for dispute resolution and audit purposes.
• ▸Playground findings and scan results are retained indefinitely unless the playground owner deletes the playground.
• ▸API usage logs are retained for 90 days.
• ▸If you delete your account, we anonymise your personal details within 30 days, but job/submission and payment records may remain in anonymised form.

8. Your Rights

Under the DPDP Act and applicable data protection laws, you have the following rights as a Data Principal:

• ▸Right to Access — request a summary of your personal data and how it is being processed
• ▸Right to Correction — update inaccurate or incomplete information via your profile settings or by contacting us
• ▸Right to Erasure — request deletion of your personal data (subject to retention requirements and legitimate interests)
• ▸Right to Withdraw Consent — withdraw consent for non-essential data processing at any time
• ▸Right to Grievance Redressal — if unsatisfied with our response, you may file a complaint with the Data Protection Board of India
• ▸Right to Nominate — nominate another person to exercise your data rights in case of death or incapacity

To exercise any of these rights, email hello@vibefix.co. We'll respond within 30 days. If we require more time, we will inform you of the reason for the delay.

9. Security

All data is transmitted over HTTPS. Authentication is handled by Clerk with industry-standard security practices. Files (screenshots) are stored in Convex's encrypted storage. We don't store passwords — Clerk manages authentication credentials.

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required by applicable law.

10. Children's Data

VibeFix is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@vibefix.co.

11. Chrome Extension

The VibeFix Error Reporter Chrome extension captures JavaScript errors that occur in your browser to help you post bug bounties quickly.

• ▸Local storage only. Captured errors (message, stack trace, page URL) are stored exclusively in your browser using Chrome's local storage API. Nothing is sent to VibeFix servers automatically.
• ▸You decide what to share. Error data is only transmitted to VibeFix when you explicitly click "Post Bounty", at which point it is pre-filled into the job creation form as URL parameters.
• ▸No tracking. The extension does not track your browsing, collect analytics, or share any data with third parties.
• ▸Cleared on demand. You can clear all captured errors at any time via the "Clear all" button in the extension popup.

12. International Data Transfers

VibeFix is based in India. Our third-party service providers (Clerk, Convex, Vercel, Resend) may process data in the United States or other countries.

• ▸By using VibeFix, you consent to the transfer of your data to India and other countries where our service providers operate.
• ▸We ensure that any cross-border data transfers comply with applicable data protection laws and that our service providers maintain adequate security measures.
• ▸For users in the European Economic Area (EEA) or other jurisdictions with data transfer restrictions, we rely on standard contractual clauses or other approved transfer mechanisms where required.

13. Changes to This Policy

We'll update this page when our practices change and update the "Last updated" date above. For significant changes, we'll notify you by email before they take effect. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.