Legal

Privacy Policy

Effective date: April 13, 2026 · Last updated: April 13, 2026

Your privacy matters to us. This Privacy Policy explains how VibeForge collects, uses, and protects your personal information when you use our platform.

1. Who We Are

VibeForge ("we", "us", "our") operates the VibeForge platform, a browser-based Shopify AI theme studio. For privacy inquiries, contact us at: privacy@vibeforge.dev

2. Information We Collect

We collect information you provide directly (name, email, password), information generated by your use of the Service (projects, theme files, version history, AI prompts), and technical information (IP address, browser type, session data, usage analytics). If you connect a Shopify store via OAuth, we store your store domain and access token (encrypted). If you subscribe, Stripe collects payment information — we never store raw card numbers.

3. How We Use Your Information

We use your information to: (a) provide, maintain, and improve the Service; (b) process payments and manage your subscription; (c) connect to your Shopify store on your behalf; (d) send transactional emails (account creation, password reset, billing receipts); (e) detect and prevent fraud, abuse, and security incidents; (f) comply with legal obligations. We do not sell your personal information to third parties.

4. AI Providers and Your Data

When you use AI features, your prompts, theme file context, and optionally your store screenshots are sent to the AI provider you select (Anthropic, OpenAI, Google, xAI, or OpenRouter). Your data is processed subject to each provider's own privacy policy and data handling terms. If you supply your own API key, requests are made directly from our servers to the provider — we do not log prompt content beyond what is necessary for error debugging.

5. Third-Party Services

We use the following third-party services, each with their own privacy policies: • Stripe — payment processing (stripe.com/privacy) • Google — OAuth sign-in (policies.google.com/privacy) • Shopify — store OAuth integration (shopify.com/legal/privacy) • Neon (PostgreSQL) — database hosting • Vercel — application hosting and edge network These services may collect data in accordance with their own terms.

6. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Neon on AWS infrastructure. Shopify access tokens and user-provided AI API keys are encrypted at rest using AES-256-GCM. We use HTTPS for all data in transit. While we take reasonable security measures, no system is completely secure and we cannot guarantee absolute security of your data.

7. Data Retention

We retain your account data for as long as your account is active. Project files and version history are retained until you delete them or close your account. Upon account deletion, your personal data is removed within 30 days. Anonymized usage analytics may be retained indefinitely. Stripe retains transaction records as required by financial regulations.

8. Your Rights

Depending on your location, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; export your data in a portable format; withdraw consent where processing is based on consent; lodge a complaint with your local data protection authority. To exercise these rights, contact us at privacy@vibeforge.dev. We will respond within 30 days.

9. Cookies

We use session cookies required for authentication (Auth.js session token). We do not use third-party advertising cookies. Analytics, if any, use privacy-respecting tools that do not track individuals across sites. You may disable cookies in your browser settings, but this will prevent you from logging in to the Service.

10. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us immediately and we will delete it.

11. International Transfers

VibeForge is operated from Canada. If you access the Service from outside Canada, your data may be transferred to and processed in Canada and other countries where our service providers operate. By using the Service, you consent to these transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

For privacy-related questions, data requests, or concerns: Email: privacy@vibeforge.dev We aim to respond to all inquiries within 5 business days.