Legal

Privacy Policy

Last updated: 1 January 2025

This Privacy Policy explains how VibraPress (“VibraPress”, “we”, “us”) collects, uses, and safeguards your personal data when you visit vibrapress.com or interact with us. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and applicable national implementing laws.

1. Data controller

The data controller responsible for your personal data is VibraPress [legal entity name — to be confirmed], [registered address — to be confirmed]. For any privacy matter you can contact us at hello@vibrapress.com.

2. Categories of personal data we collect

  • Identification & contact data you provide via forms: name, email, phone (optional), and any free-text content you choose to send us (e.g. project description).
  • Waitlist data: the plan you registered interest in and an optional short description.
  • Technical data strictly necessary to deliver the site: IP address (transient, used to route the request), user-agent string, and basic request metadata.
  • Consent data: a record of your cookie choices, the policy version in force, and a timestamp.
  • Optional analytics, marketing, and preference data: only collected if you give consent via the cookie banner. See our Cookie Policy for details.

3. Purposes and legal bases

  • Respond to your enquiries and provide the service (waitlist, contact, demo). Legal basis: performance of a contract or pre-contractual steps at your request (Art. 6(1)(b) GDPR), and our legitimate interest in operating our business (Art. 6(1)(f) GDPR).
  • Operate, secure, and maintain the site. Legal basis: legitimate interest (Art. 6(1)(f)) in delivering a safe, functional service.
  • Record cookie consent. Legal basis: legal obligation (Art. 6(1)(c)) and our need to demonstrate compliance with the ePrivacy Directive and GDPR.
  • Analytics, marketing, and personalization. Legal basis: your consent (Art. 6(1)(a)), freely given via the cookie banner and withdrawable at any time.
  • Comply with legal obligations (e.g. responding to lawful requests). Legal basis: Art. 6(1)(c) GDPR.

4. Recipients and processors

We share personal data only with vetted service providers acting as processors on our behalf, and only as necessary to operate the service:

  • Hosting & backend: Supabase (database, authentication) and Cloudflare (edge hosting, CDN).
  • Email & scheduling: standard email and TidyCal (used only if you book a call).
  • Initiative partners: VibraPress is operated alongside TOMORROWerse Capital, TMRW Venture Network, and Mushbloom Marketing Agency. We do not share personal data with them for marketing without your separate consent.

We do not sell personal data and we do not share it with advertising networks unless you have given marketing consent.

5. International transfers

Some of our processors may store or process data outside the European Economic Area. Where this is the case, we rely on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) and supplementary measures to ensure an equivalent level of protection.

6. Retention

  • Waitlist submissions: kept while the prelaunch programme is active and for up to 24 months after, unless you ask us to delete sooner.
  • Contact & enquiry messages: kept for up to 24 months from last interaction.
  • Consent log: kept for as long as we are legally required to demonstrate consent (typically up to 3 years) and then deleted or anonymized.
  • Analytics & marketing data: only retained while you maintain consent; deleted when you withdraw.

7. Your rights under the GDPR

You have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Request rectification of inaccurate data (Art. 16).
  • Request erasure (“right to be forgotten”, Art. 17).
  • Restrict or object to processing (Art. 18 and 21).
  • Data portability for data you provided (Art. 20).
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3)).

To exercise any of these rights, email hello@vibrapress.com or use our privacy request page. We will respond within one month.

8. Right to lodge a complaint

You have the right to lodge a complaint with your local EU/EEA data protection supervisory authority. A list is available at edpb.europa.eu.

9. Withdrawing consent

You can withdraw cookie consent at any time using the “Privacy settings” link in the footer. Withdrawing consent stops further optional processing; data already collected up to that point remains lawful.

10. Security

We apply organisational and technical measures appropriate to the risk: HTTPS/TLS in transit, encrypted storage, role-based access controls, row-level security on our database, and the principle of least privilege for staff access. No system is perfectly secure, but we work to minimise risk.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be highlighted on the site.

12. Contact

For any privacy question or request, email hello@vibrapress.com.