VibeLink Privacy Policy
Last updated: May 23, 2026
This Privacy Policy explains how VibeLink ("we," "our," or "us") collects, uses, and protects information when you use the VibeLink app and related services (the "Service"). It applies to all features of the Service, including link conversion, social profiles, events, partner perks, premium handles, and the gig board.
1. Information We Collect
1.1 Information You Provide
- Music links: URLs you paste for conversion. Processed in real time and optionally retained in your conversion history.
- Profile information: Username, display name, profile picture, bio, profile links, and any other content you choose to add to your profile.
- Posts and social content: Posts you publish, reactions, replies, and follow relationships.
- Events and discount codes: If you host events, the event metadata you enter (title, date, location, image URL, discount code, and label).
- Gig listings and applications: If you post a gig, the listing's text fields. If you apply to a gig, the optional pitch you submit and the status assigned by the host.
- Reports: If you report a gig or other content, the report reason, optional details, and the targeted content.
- Authentication identifiers: Email address, Apple ID identifier, or Google account identifier when you sign in with one of those methods.
- Payment information: Subscriptions and purchases are processed by Apple App Store or Google Play. We do not collect or store payment card details.
1.2 Information Automatically Collected
- Device identifier: An anonymous device ID used to scope daily usage limits and tie purchases to your device.
- Account identifier: A UUID used to persist your account across sessions and devices.
- Conversion history: The links you have converted, stored to power your history and stats surfaces.
- Streak data: Your daily conversion streak counts and milestone state.
- Engagement signals: Which features you use, aggregated for product analytics.
- Technical data: Device type, operating system version, and app version for troubleshooting.
- Push tokens: Firebase Cloud Messaging tokens used to deliver push notifications when you opt in.
2. How We Use Your Information
- Operate music link conversion across Spotify, Apple Music, YouTube Music, and SoundCloud.
- Provide and personalize social features including profiles, follows, the discovery feed, and Vibe Match.
- Run the events surface, including discount-code reveal, claim tracking, and per-event host analytics.
- Operate the gig board, including listing publication, application matching, status updates, and report moderation.
- Validate subscriptions and entitlements (Pro, Lifetime, Promoter) with Apple and Google receipt servers.
- Send optional push notifications about streaks, follows, conversions, event reveals, and gig activity, where you have enabled them.
- Investigate suspected violations of the Terms of Service and protect the integrity of the Service.
- Respond to your support requests.
- Improve performance, debug failures, and fix bugs.
3. Third-Party Music Services
VibeLink integrates with the following third-party music platforms to function:
- Spotify Web API for track search and identification, and for personal playlist creation if you authorize it.
- YouTube Data API for video resolution and personal playlist creation if you authorize it. By using YouTube integration features, you also agree to the YouTube Terms of Service.
- Apple Music API for catalog search and, if you authorize MusicKit, personal playlist creation.
- SoundCloud for track resolution.
We access only public catalog metadata (titles, artists, albums) unless you grant a connection that requires more. Listening history and private playlists are not accessed unless you explicitly grant the relevant scope during connection.
Each third party's privacy policy applies to the data they collect through their own platform:
- Google / YouTube: policies.google.com/privacy
- Spotify: spotify.com/legal/privacy-policy
- Apple: apple.com/legal/privacy
4. Authentication Token Storage
When you connect a music service for personal playlist creation, we store the resulting authentication tokens so the Service can act on your behalf without re-authenticating on every request.
- Tokens stored: Spotify OAuth access token and refresh token; YouTube OAuth access token and refresh token; Apple Music Music-User-Token from the MusicKit SDK.
- Where stored: In our encrypted PostgreSQL database hosted on Railway.
- How protected: Encrypted at rest, transmitted over HTTPS, and accessed only by authorized server functions.
- Refresh: Spotify and YouTube access tokens expire after one hour and are refreshed automatically using the stored refresh token. Apple Music tokens are reused until you disconnect or re-authorize.
- Revocation: Disconnect a service in app Settings, or revoke directly with the provider:
  - Spotify: spotify.com/account/apps
  - Google / YouTube: myaccount.google.com/permissions
  - Apple Music: revoke MusicKit permission in your device settings
- Account deletion: All stored tokens are deleted when you delete your account in Settings → Danger Zone.
Basic link conversion does not require any third-party authentication and stores no tokens.
5. Social, Events, and Gig Data
The Service includes user-facing surfaces where content you create is visible to other users:
- Public profiles: Your username, display name, profile picture, bio, profile links, top platforms, and current Now Playing are visible to anyone with the link.
- Follows and feed: Your conversions and posts are visible to your followers, and to users browsing your public profile.
- Events: Event listings are public. Discount-code claims are visible to the event host in aggregate analytics (count, daily breakdown) and as a host-facing claimer list (username, display name, profile image, claimed-at timestamp).
- Premium handle reservations: The fact that a handle is reserved is visible to users attempting to claim it. The identity of the reserver is visible to admin only.
- Gig listings: Listings are public. Applications are visible to the host of the listing, including your username, display name, profile picture, profile links, optional pitch, and application status.
- Reports: Reports you file are visible to VibeLink admin for moderation. Other users are not shown who reported a given listing.
6. Off-Platform Communication
VibeLink does not relay, monitor, or store messages exchanged off the Service. After a gig application is filed, the host typically contacts the applicant via the public profile links on the applicant's profile (Instagram, SoundCloud, etc.). Those communications are governed by the respective third-party platforms' policies, not this Privacy Policy.
7. Subscriptions, Payments, and Entitlements
Subscriptions and one-time purchases (Pro, Lifetime, Promoter) are billed through Apple App Store or Google Play. We do not see or store your payment card information. We do receive and store transaction identifiers, product identifiers, expiration timestamps, and the resulting entitlement tier, all of which are used to grant access to paid features and to validate receipts on renewal.
8. Notifications
Push notifications are opt-in and can be disabled at any time from your device settings or in app Settings. We use Firebase Cloud Messaging to deliver notifications.
9. Data Storage and Security
- Account, profile, event, gig, and application data is stored in our encrypted PostgreSQL database on Railway.
- Conversion history is stored both locally on your device and on our servers when you are signed in.
- Premium entitlements are validated against Apple App Store and Google Play receipt servers and stored as tier values on your account.
- All connections to our servers use HTTPS.
No system is perfectly secure. We follow industry-standard practices but cannot guarantee absolute security.
10. What We Do Not Do
- We do not sell or rent your personal information.
- We do not share your personal information with advertisers or third-party marketers.
- We do not access your music libraries, listening history, or private playlists without an explicit permission grant.
- We do not store or distribute copyrighted music content. Conversion produces a link to the same track on a different platform; the audio itself is delivered by that platform.
- We do not require account creation for basic link conversion. You can use the app anonymously, with limited features.
11. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it.
12. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Request deletion of your account and associated data. You can delete your account at any time in Settings → Danger Zone.
- Export your conversion history and account data on request.
- Opt out of push notifications and cloud sync.
- Withdraw consent for any optional integration (for example, by disconnecting Spotify, YouTube, or Apple Music).
To exercise any of these rights, contact us at support@getvibelink.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when it was last revised. Continued use of the Service after a change indicates acceptance of the revised policy.
14. Contact
Questions about this Privacy Policy or our data practices can be sent to:
- Email: support@getvibelink.com
- Instagram: @getvibelink
- In-app: Settings → Contact Support