Privacy Policy

Effective Date: April 29, 2026

1. Introduction

Welcome to vibeasite ("vibeasite", "we", "us", or "our"). vibeasite is operated by Tyga.Cloud Ltd, a company registered in England and Wales (Company Number 14643275), with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at vibeasite.com and use our AI-powered website builder platform (the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Applicability

This Privacy Policy applies to all information collected through our Service, including our website at vibeasite.com, any related subdomains, mobile applications, APIs, and any other services or tools offered by vibeasite (collectively, the "Platform").

Tyga.Cloud Ltd is the data controller for the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

For the purposes of this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws.

3. Information We Collect

3.1 Account Information

When you register for an account on vibeasite, we collect the following personal data:

• Full name
• Email address
• Password (stored in hashed form; we never store plaintext passwords)
• Profile preferences and settings

3.2 Billing Information

When you subscribe to a paid plan, billing and payment processing is handled by our third-party payment processor, Stripe, Inc. We do not store your full credit card number, debit card number, or bank account details on our servers. We may receive and store the following from Stripe:

• Last four digits of your payment card
• Card brand and expiry date
• Billing address
• Stripe Customer ID and Subscription ID
• Transaction history and invoice records

3.3 Generated Content and Project Files

When you use vibeasite to create websites, we collect and store:

• AI-generated website code (HTML, CSS, JavaScript)
• Project configurations and settings
• Template selections and customisations
• Uploaded assets (images, media files)
• Version history of your projects

3.4 Usage Data

We automatically collect information about your interactions with the Service, including:

• Which templates and sections you use
• Number of credits consumed per session and over time
• Feature usage patterns and frequency
• Session durations and activity timestamps
• AI provider selections

3.5 AI Interaction Logs

As an AI-powered service, we process and may store:

• Prompts and instructions you send to the AI system
• Code and content generated in response to your requests
• Error logs and debugging information from AI interactions
• Token usage metrics per interaction

We use AI interaction logs to improve service quality, debug issues, and monitor for abuse. We do not use your prompts or generated content to train third-party AI models.

3.6 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity. This includes:

• Essential cookies: Required for the Service to function (authentication, session management, security).
• Analytics cookies: Help us understand how users interact with the Service so we can improve it.
• Preference cookies: Store your settings and preferences (e.g., theme selection).

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

3.7 Device and Log Data

When you access the Service, our servers automatically record:

• IP address
• Browser type and version
• Operating system
• Referring and exit URLs
• Date and time of access
• Pages visited and actions taken

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

• To create and manage your account
• To process your AI website generation requests
• To manage your subscription, credits, and billing
• To host, store, and serve your generated websites
• To provide customer support

4.2 Service Improvement

• To analyse usage patterns and improve our templates, sections, and AI capabilities
• To monitor and optimise platform performance, reliability, and token efficiency
• To develop new features and services
• To conduct internal research and analytics

4.3 Communications

• To send you transactional emails (account verification, password resets, billing receipts)
• To send you service-related announcements (maintenance, updates, security alerts)
• To send you marketing communications (with your consent, where required by law)

You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at dpo@tyga.cloud.

4.4 Security and Fraud Prevention

• To detect, prevent, and respond to fraud, abuse, and security incidents
• To enforce our Terms of Service and Acceptable Use Policy
• To monitor for and prevent misuse of AI capabilities
• To comply with legal obligations

5. Information Sharing

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, including:

• Stripe, Inc. — Payment processing and subscription management.
• Cloud hosting providers — Infrastructure and data storage for your generated websites and project files.
• Analytics providers — To help us understand Service usage and improve performance.
• AI model providers — To process your website generation requests (prompts are sent to AI providers under data processing agreements).
• Email service providers — To send transactional and marketing emails.

All service providers are contractually obligated to handle your data in accordance with applicable data protection laws and only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

6. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe that we may have collected data from a person under 18, please contact us immediately at dpo@tyga.cloud.

7. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: You may request a copy of the personal data we hold about you.
• Rectification: You may request that we correct any inaccurate or incomplete personal data.
• Erasure: You may request that we delete your personal data, subject to certain exceptions (e.g., legal obligations, legitimate interests).
• Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format.
• Objection: You may object to the processing of your personal data for certain purposes, including direct marketing.
• Withdraw Consent: Where we rely on your consent for processing, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at dpo@tyga.cloud. We will respond to your request within 30 days, or within the timeframe required by applicable law.

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed. In the UK, the relevant authority is the Information Commissioner's Office (ICO).

8. Security and Storage

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Hashed and salted password storage
• Regular security assessments and vulnerability testing
• Access controls and role-based permissions for internal systems
• Secure cloud infrastructure with industry-standard certifications
• Automated monitoring and alerting for security incidents

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to implementing and maintaining industry best practices.

9. International Data Transfers

Tyga.Cloud Ltd is based in the United Kingdom. Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including the United Kingdom, the European Economic Area (EEA), and the United States.

Where we transfer personal data outside of the UK or EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office
• Transfers to countries deemed to provide an adequate level of data protection
• Other legally approved transfer mechanisms

For more information about the safeguards we use for international transfers, please contact us at dpo@tyga.cloud.

10. EU and UK GDPR Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply to you under the EU GDPR and UK GDPR respectively.

10.1 Legal Bases for Processing

We process your personal data on the following legal bases:

Purpose	Legal Basis
Account creation and management	Performance of a contract (Article 6(1)(b))
Payment processing and billing	Performance of a contract (Article 6(1)(b))
AI website generation and hosting	Performance of a contract (Article 6(1)(b))
Service improvement and analytics	Legitimate interests (Article 6(1)(f))
Security and fraud prevention	Legitimate interests (Article 6(1)(f))
Marketing communications	Consent (Article 6(1)(a))
Legal compliance	Legal obligation (Article 6(1)(c))

10.2 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specifically:

• Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
• Generated websites and project files: Retained for the duration of your account. Deleted within 90 days of account closure unless you export them first.
• Billing and transaction records: Retained for up to 7 years after the end of your subscription to comply with tax and accounting obligations.
• AI interaction logs: Retained for up to 12 months for service improvement and debugging purposes, then anonymised or deleted.
• Usage and analytics data: Retained in anonymised or aggregated form indefinitely for statistical analysis.
• Server logs: Retained for up to 90 days.

10.3 Automated Decision-Making

Our Service uses AI to generate website code based on your inputs. This constitutes automated processing but does not involve automated decision-making that produces legal effects or similarly significantly affects you. The AI-generated output is a tool for you to review, modify, and control.

10.4 Data Protection Officer

For any questions or concerns regarding the processing of your personal data under the GDPR, please contact our Data Protection Officer at dpo@tyga.cloud.

11. California CCPA Disclosures

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

11.1 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, account identifiers.
• Commercial information: Subscription and billing records, transaction history, credit usage.
• Internet or electronic network activity: Browsing history on our Service, usage data, AI interaction logs.
• Professional or employment-related information: Only if voluntarily provided in your profile.
• Inferences: Usage patterns, preferences, and feature engagement derived from the above.

11.2 Your California Rights

As a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell.
• Delete personal information we have collected from you, subject to certain exceptions.
• Correct inaccurate personal information we hold about you.
• Opt-out of the sale or sharing of your personal information. We do not sell your personal information.
• Non-discrimination for exercising your CCPA rights.

To exercise your California privacy rights, please contact us at dpo@tyga.cloud or write to us at the address listed in the Contact Us section below. We will verify your identity before processing your request.

11.3 Do Not Sell or Share

We do not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioural advertising purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Privacy Policy
• Post the updated Privacy Policy on the Service
• Notify you by email or through a prominent notice on the Service for material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the posting of changes constitutes your acceptance of such changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Data Protection Officer: dpo@tyga.cloud
• Company: Tyga.Cloud Ltd
• Company Number: 14643275
• Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
• Website: vibeasite.com