Privacy Policy

1. Who we are

Controller / Operator: Individual Entrepreneur Gaukhar Muldagaliyeva

Location: Almaty, Kazakhstan

Website: vibeocus.com

Privacy contact: support@vibeocus.com

If you have questions about this Privacy Policy or your personal data, you can contact us at the email address above.

2. Summary

Vibeocus is built to minimize the data we collect. In short:

• We do not store your project workspace data on Vibeocus servers.
• Your projects, tasks, notes, documents, rules, relations, Git metadata, Vault items, Freeform boards, dashboard data, activity, and secrets are stored locally on your device unless you choose to sync, export, expose, or share them.
• Optional iCloud sync uses your own Apple iCloud account.
• Payments, invoices, tax handling, license keys, customer portal access, and billing records are processed by a payment provider.
• MCP tools can expose selected local project context to agents running on your machine or to third-party AI tools you choose to use.
• We do not sell your workspace data.
• We do not use your workspace content to train AI models.

3. Information we collect

Website and waitlist information: when you visit our website or join the waitlist, we may collect your email address, name if provided, waitlist signup date and status, communication preferences, and basic technical information such as IP address, browser type, device type, operating system, referring page, and access timestamps.

License and account information: when licensing is enabled, we may process customer name and email address, license key, license status, activation status, expiration date, activation count, device or instance identifier, app version, platform, activation timestamps, and billing identifiers provided by the payment provider.

Payment and billing information: payments, invoices, tax records, checkout, refunds, customer portal access, and billing management are handled by our payment provider. We do not store full credit card numbers or full payment card details.

Local workspace data: Vibeocus may store projects, project paths, Vault paths and items, tasks, notes, documents, Markdown files, project rules, relations, Freeform boards, dashboard data, Git metadata, commits, branches, diffs, file statistics, recent activity, widget data, secrets, MCP configuration, and app settings locally on your device.

Secrets and credentials: we do not intentionally collect or store your secrets on Vibeocus servers. Secrets may be exposed outside your device only if you choose to sync selected data through iCloud, export data, expose a secret through MCP, connect an agent or external tool, send the secret to support, or include it in logs, screenshots, documents, or messages you share.

Optional iCloud sync: if you enable iCloud sync, Vibeocus may export selected application data to your own Apple iCloud storage so that your data can be available across your devices, including the mobile companion app. Apple controls the Apple Account, iCloud infrastructure, iCloud storage, and iCloud security settings.

MCP and agent access: Vibeocus may provide MCP tools that allow compatible local agents or AI coding tools to interact with selected project context. Depending on your configuration, MCP tools may read project information, inspect selected documents and activity, create tasks, create or update Freeform boards, and access selected secrets if explicitly allowed.

Support and diagnostics: if you contact support, we may collect your name and email address, support messages, screenshots or recordings you provide, logs or diagnostic files you choose to send, app version, operating system version, device type, license status, and error details.

4. How we use information

We may use collected information to:

• operate and maintain the website;
• manage the waitlist;
• send launch and product updates;
• process purchases and license activations;
• validate licenses and prevent abuse;
• provide customer support;
• troubleshoot bugs and technical issues;
• improve website and product reliability;
• maintain security;
• comply with legal, tax, accounting, fraud prevention, and regulatory obligations;
• communicate important product, license, privacy, or security updates.

We do not use your local workspace content for advertising.

We do not use your local workspace content to train AI models.

5. Legal bases for processing

Where GDPR, UK GDPR, or similar laws apply, we rely on contract, consent, legitimate interests, and legal obligation as legal bases for processing.

We process license, account, activation, and support data when necessary to provide the product, validate access, manage your license, and deliver support.

We process waitlist and marketing communications based on your consent where required. You can unsubscribe or withdraw consent at any time.

We may process limited website, license, diagnostic, and security information to operate the product, prevent fraud, troubleshoot issues, protect our service, and improve reliability.

We may process or retain certain information when necessary to comply with applicable law, tax, accounting, sanctions, fraud prevention, or regulatory obligations.

6. Sharing of information

We may share limited information with service providers only when necessary to operate Vibeocus. These providers may include:

• payment and licensing providers;
• hosting and infrastructure providers used to host the website, waitlist, documentation, static assets, emails, or support tools;
• email and communication providers used to send waitlist updates, launch emails, product notices, and support replies;
• Apple iCloud, if you enable iCloud sync;
• agents, MCP clients, and AI tools chosen by you;
• legal and safety recipients if required by law, legal process, regulation, court order, or to protect rights, property, or safety;
• business transfer recipients if Vibeocus is involved in a merger, acquisition, financing, reorganization, or sale of assets.

We do not sell your personal information.

We do not sell your workspace content.

7. International transfers

Vibeocus may use service providers located in different countries. Your information may be processed in countries other than the country where you live.

Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections, provider security commitments, or other legally recognized transfer mechanisms.

8. Retention

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Local workspace data remains on your device until you delete it, remove the app data, delete the project, clear the relevant storage, or otherwise export or erase it.

Data synced through iCloud remains in your Apple iCloud account until it is deleted through Vibeocus, device settings, iCloud settings, or other Apple-provided controls.

Waitlist information is retained until you unsubscribe, request deletion, or until it is no longer needed for launch and product communication purposes.

License and billing-related records may be retained while your license is active and for as long as necessary for support, fraud prevention, accounting, tax, legal, and business record purposes.

Support messages and related diagnostics may be retained for as long as necessary to resolve your request, maintain support history, and improve product reliability, unless a longer retention period is required by law.

Website and security logs may be retained for limited periods by us or our hosting providers to maintain security, prevent abuse, and troubleshoot technical issues.

9. Security

Vibeocus is designed to reduce unnecessary data collection by keeping workspace data local-first. We use reasonable technical and organizational measures to protect the information we process. However, no method of transmission, storage, software protection, cloud sync, or device security is 100% secure. You are responsible for:

• securing your device;
• using strong device passwords;
• protecting your Apple Account;
• managing iCloud security settings;
• controlling which agents and MCP clients you connect;
• deciding which documents, secrets, and project data to expose;
• avoiding accidental sharing of sensitive data in support requests, screenshots, logs, or agent prompts.

10. Your choices and rights

Depending on your location and applicable law, you may have rights to access personal data we hold about you, correct inaccurate information, request deletion, object to certain processing, restrict certain processing, request a copy of your data, withdraw consent, unsubscribe from marketing or waitlist emails, or lodge a complaint with a data protection authority.

You can contact us at support@vibeocus.com to exercise privacy rights.

For billing, invoices, payment methods, subscription management, or license portal access, you may also need to use the payment provider’s customer portal.

For local workspace data, you can delete data directly from your device, app storage, project folders, or iCloud settings where applicable.

For MCP access, you can disable MCP tools, disconnect agents, or change which data is exposed.

11. California and similar US state privacy rights

Where applicable, residents of California or other US states with privacy laws may have rights to know, access, correct, delete, or opt out of certain uses of personal information.

Vibeocus does not sell personal information.

Vibeocus does not sell workspace content.

Vibeocus does not knowingly use sensitive personal information to infer characteristics for advertising purposes.

To submit a privacy request, contact support@vibeocus.com.

12. Cookies and analytics

Our website uses necessary cookies and similar technologies to operate the site, prevent abuse, maintain security, remember cookie preferences, and process waitlist or support submissions.

We use Cloudflare Turnstile and related security checks to protect public forms from spam and automated abuse.

We use Google Analytics only after you allow analytics cookies and similar technologies through our cookie preferences interface. If you reject non-essential cookies, Google Analytics is not loaded by our website.

We do not currently use advertising cookies, retargeting pixels, or cross-site marketing trackers.

For details, see our Cookie Policy at /cookies.

13. Third-party links and services

Our website or app may link to third-party websites, documentation, payment portals, Apple services, AI tools, MCP clients, or developer tools.

We are not responsible for the privacy practices of third-party services. You should review their privacy policies before using them or exposing your project data to them.

14. Children’s privacy

Vibeocus is not directed to children under the age required by applicable law to consent to online services.

We do not knowingly collect personal information from children where parental consent is required. If you believe a child has provided personal information to us without appropriate consent, contact us at support@vibeocus.com.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the “Last updated” date and, where appropriate, notify users through the website, app, email, or other reasonable means.

Your continued use of Vibeocus after an updated Privacy Policy becomes effective means you accept the updated policy.

16. Contact

For privacy questions, requests, or concerns, contact:

Vibeocus Privacy Contact

Individual Entrepreneur Gaukhar Muldagaliyeva

Almaty, Kazakhstan

Email: support@vibeocus.com