Vibe — Privacy Policy
Last updated: 05.07.2026
This Privacy Policy explains how personal data collected through the Vibe mobile application and the vibecadde.com website (the "Platform") is processed, protected and shared. It should be read together with the Privacy Notice.
The Platform is operated by an individual developer operating vibecadde.com. Contact: info@vibecadde.com.
1. Data We Collect
1.1. Data you provide directly
- Account & identity: phone number, name/display name, date of birth, gender, e-mail;
- Profile: photos (up to 6), bio, interests, height, profile prompts;
- Verification: identity-verification selfie (face);
- Preferences (optional, may be special-category): preferred gender/orientation, dating mode, lifestyle (smoking, alcohol, exercise, pets), family plans.
1.2. Data collected automatically during use
- Location: GPS coordinates; background location (geofencing) if permitted;
- Content & communication: messages and attachments, voice messages, story media, voice/video call metadata (duration, parties, status);
- Interaction: likes/passes/super-likes (swipe), matches, views, screen and event data;
- Device & technical: device identifier, model, OS, push token, IP address, session tokens.
1.3. Data received from third parties
- Social login: identity token and —if permitted— name/e-mail received via Google or Apple;
- Payment/subscription: subscription status and transaction info via RevenueCat and app stores.
2. How We Use Data
Data is used for membership and identity verification, the dating/matching service, messaging and calls, story features, location-based matching, safety and fraud prevention, subscription management, sending notifications, analytics/improvement, and meeting legal obligations. For the detailed purpose-to-legal-basis mapping, see Privacy Notice §3–§4.
3. Who We Share Data With
3.1. Other users
Public elements of your profile (display name, photos, age, bio, interests and the information you choose to show) are displayed to users who discover or match with you, as inherent to the service. You can manage the visibility of certain information (age, online status, distance, incognito, read receipts, etc.) in privacy settings.
3.2. Service providers (processors)
| Provider | Purpose | Location |
|---|---|---|
| Google / Firebase | Phone verification, notification infrastructure | USA |
| Google Sign-In | Social login | USA |
| Apple Sign-In | iOS social login | USA |
| Agora | Voice/video calls — real-time relay (not stored) | Abroad (global) |
| RevenueCat | Subscription/purchase management | USA |
| Apple App Store / Google Play | Payments and billing | Abroad |
| Expo / FCM | Push notifications | USA |
| Google Maps | Maps/location display | USA |
| PostHog | Product/usage analytics | EU |
3.3. Legal authorities
Data may be shared with competent public authorities as required by applicable law or their lawful requests.
4. Cross-Border Data Transfers
Due to the technical infrastructure, part of the personal data is transferred to service providers located abroad (see table above). These transfers are carried out under Article 9 of the KVKK as in force since 1 June 2024: based on an adequacy decision where one exists; otherwise on the appropriate safeguards provided by law (standard contractual clauses, binding corporate rules or an undertaking with Board authorisation); or within the incidental cases set out in Article 9. Some core services (e.g. phone verification, calls) may not be technically deliverable without this infrastructure.
5. Analytics and Behavioural Data
The Platform collects usage analytics via PostHog (EU servers) to improve the service. This covers events such as screen views, swipes/matches, message sending, story interactions and subscription events, associated with a user identifier. Sensitive content (message text, photos) is not sent to the analytics service, and session replay is disabled.
6. Data Security
Reasonable technical and administrative measures are applied to protect personal data, including secure storage of authentication tokens (encrypted on-device), encryption of communications (HTTPS/TLS) and protection against unauthorised access. No system is 100% secure, but continuous efforts are made to protect your data.
7. Retention
Data is retained for as long as necessary for the processing purposes and any statutory retention obligations. When an account is deleted, data is deleted, destroyed or anonymised after the grace period, except where retention is legally required. Stories are automatically removed after 24 hours.
8. Children's Privacy
The Platform is not directed at persons under 18, and data is not knowingly collected from them. Accounts found to belong to persons under 18 are closed and their data deleted.
9. Your Rights
To exercise your rights under KVKK Art. 11 (information requests, correction, erasure, objection, etc.), use the application methods in Privacy Notice §8–§9: info@vibecadde.com.
10. Changes
This Privacy Policy may be updated from time to time. Material changes are announced through the Platform. The effective date of the current version is shown at the top of this document.
11. Contact
For privacy-related questions: info@vibecadde.com