Privacy Policy
Effective date: April 18, 2026
This Privacy Policy explains how vibedsgn (“we”, “us”) collects, uses, and protects your personal data when you use vibedsgn.com (the “Service”). It applies to every visitor, registered member, and contributor of the Service. For the rules that govern your use of the Service, see our Terms of Service.
1. Introduction & Scope
In plain English: this policy tells you what data we collect, why we collect it, and what you can do about it.
vibedsgn is a creator-community platform where designers share “vibe-coded” AI-generated user interfaces, discuss the tools they used, follow each other, and compete on public leaderboards. This Privacy Policy describes how we process personal data in connection with the Service, including the website, user profiles, the tool directory at /tools, the editorial section at /news, and any related emails we send you.
We process personal data in accordance with Regulation (EU) 2016/679 (the “GDPR”) and Polish law.
2. Data Controller & Contact
In plain English: Jakub Kowalik runs vibedsgn as a Polish sole proprietor. He is legally responsible for your data.
The data controller is Jakub Kowalik, operating as Jakub Kowalik Graphic Designer, a sole proprietor registered in the Polish Central Register and Information on Economic Activity (CEIDG).
- NIP: 7393959038
- REGON: 520088222
- Registered address: ul. Iwaszkiewicza 30 lok. 21, 10-089 Olsztyn, województwo warmińsko-mazurskie, Poland
- Contact email: hello@vibedsgn.com
Because vibedsgn is operated by a sole proprietor, no Data Protection Officer has been appointed; appointment is not required under GDPR Art. 37.
3. Summary — What We Collect
In plain English: the short version, in case you don’t read the rest.
- Account basics: email address, chosen handle, OAuth identifier (Google or GitHub) if you sign in with one.
- Profile: anything you put in your bio, avatar, and public links.
- Content you post: vibes (titles, descriptions, uploaded screenshots, tool tags), comments, likes, bookmarks, follows, tool submissions.
- Technical data: IP address, user-agent, session identifiers, and a minimal set of cookies needed to sign you in.
- We do not sell your data, and we do not train AI models on your content (see Section 9).
4. Information We Collect
In plain English: here is the detailed list.
4.1 Account information
When you create an account we collect your email address, the handle you choose, and — if you sign in through a third-party provider — the unique identifier returned by Google or GitHub. We never see your Google or GitHub password.
4.2 Profile information
Your profile may include an avatar, display name, short bio, and optional links you provide. Everything you add to your profile is public by default.
4.3 Content you create
Vibes (AI-generated UI projects with screenshots, descriptions, and the tools and prompts you chose to disclose), comments, likes, bookmarks, follows, and tool-directory submissions are stored by us so the Service can display them.
4.4 Device and log data
When you interact with the Service we automatically record limited technical data: IP address, browser user-agent, timestamps, referrer, and the pages you viewed. We use this to keep the Service secure and to diagnose problems.
4.5 Communications
If you contact us, or if you receive email from us (for example a magic-link sign-in or a transactional notification), we retain a copy of the correspondence.
4.6 Cookies and similar technologies
See Section 10 for the full breakdown.
5. How We Use Your Information
In plain English: we use your data to run the platform, keep it safe, and email you stuff you asked for.
- Operate, maintain, and improve the Service.
- Authenticate you — including via email magic links and OAuth.
- Display your public profile, vibes, comments, and social graph.
- Rank content on leaderboards (the Rank page) and personalise the feed you see.
- Detect, prevent, and respond to fraud, abuse, vote manipulation, and violations of our Terms of Service.
- Send you service emails (sign-in links, important account notices) and — only if you opt in — product and newsletter communications.
- Comply with legal obligations that apply to us.
6. Legal Bases for Processing (GDPR)
In plain English: every use of your data maps to a specific GDPR legal basis. Here they are.
- Performance of a contract (Art. 6(1)(b) GDPR) — creating your account, providing the Service to you, and delivering the features you requested.
- Legitimate interests (Art. 6(1)(f) GDPR) — keeping the Service secure, preventing abuse and leaderboard manipulation, understanding aggregate usage, and moderating public content. You have the right to object to this processing (see Section 11).
- Consent (Art. 6(1)(a) GDPR) — optional marketing or newsletter emails, non-essential cookies, and the opt-in AI training setting described in Section 9. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c) GDPR) — responding to lawful requests from authorities and keeping records we are required to keep.
8. Public Content
In plain English: what you post publicly is public. Treat it that way.
Vibes, comments, tool submissions, profile pages, likes, bookmarks (where you make them visible), and follower/following lists are public by default. They are visible to any visitor, are indexable by search engines, and may appear in third-party previews (for example, link unfurls on social media).
If you do not want something to be public, do not post it on vibedsgn. You can delete your own vibes and comments at any time; deletion removes them from the Service, but copies may persist in third-party caches or screenshots beyond our control.
9. AI Training Policy
In plain English: we do not train AI on your work. Period. If we ever offer it, it will be opt-in and off by default.
vibedsgn does not train, fine-tune, or otherwise use your user-posted vibes, uploaded images, comments, or profile text to train any machine-learning model, and we do not license this content to third parties for the purpose of model training.
If we ever introduce an opt-in feature that allows contributors to voluntarily share their work for model training, that setting will be off by default, will require your explicit affirmative consent (GDPR Art. 6(1)(a) / Art. 7), and will be withdrawable at any time from your account settings. We will not change this default without updating this Policy and giving you notice.
11. Your Rights Under GDPR
In plain English: you have real rights over your data. Email us to use them.
You have the right to:
- Access your personal data (Art. 15 GDPR).
- Have inaccurate data corrected (Art. 16 GDPR).
- Have your data erased (“right to be forgotten”, Art. 17 GDPR).
- Restrict processing (Art. 18 GDPR).
- Receive a portable copy of your data (Art. 20 GDPR).
- Object to processing based on our legitimate interests (Art. 21 GDPR).
- Withdraw consent at any time where we process on the basis of consent.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, email hello@vibedsgn.com from the address associated with your account, or include enough detail for us to identify you. We will respond within one month, which may be extended by up to two further months for complex requests (Art. 12 GDPR).
You can also lodge a complaint with the Polish supervisory authority — the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, “UODO”), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl — or with the data protection authority in the EU country where you live or work.
12. Data Retention
In plain English: we keep data only as long as we need it.
- Account data — kept while your account is active. After you delete your account we retain a minimal subset for up to 90 days in backups and for legal defence, after which it is deleted or irreversibly anonymised.
- Published vibes and comments — kept indefinitely while the author chooses to keep them online. You can delete yours at any time from your profile.
- Server and access logs — retained for up to 25 months for security and abuse investigation.
- Support communications — retained for up to 2 years.
- Accounting and tax records — retained for the period required by Polish tax and accounting law (currently 5 years from the end of the tax year).
13. International Data Transfers
In plain English: some vendors are in the US. We use the legally required safeguards.
Some of our service providers (for example Vercel, Resend, GitHub and Google) are established in the United States or process data there. When personal data is transferred outside the European Economic Area, we rely on the legal mechanisms permitted under Chapter V of the GDPR — principally the European Commission’s Standard Contractual Clauses and, where applicable, adequacy decisions (including the EU–US Data Privacy Framework for certified recipients).
14. Security
In plain English: we take reasonable steps to protect your data — and we’ll tell you fast if something goes wrong.
We use TLS in transit, hashed credentials at rest, access controls on internal systems, and least-privilege principles for vendor access. No online service is perfectly secure; we cannot guarantee absolute security, but we work continuously to reduce risk.
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the UODO within 72 hours as required by Art. 33 GDPR and notify affected users where required by Art. 34 GDPR.
15. Children’s Privacy
In plain English: vibedsgn is for people 16 and older.
The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please email hello@vibedsgn.com and we will delete it.
16. Changes to This Policy
In plain English: if we make meaningful changes, we’ll tell you.
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and will display a prominent notice in the Service at least 14 days before the change takes effect, unless an earlier change is required by law. The “Effective date” at the top of this page always reflects the current version.
17. Contact
In plain English: email us. A real human reads it.
For any question about this Policy or about our processing of your personal data, write to:
Jakub Kowalik Graphic Designer
ul. Iwaszkiewicza 30 lok. 21
10-089 Olsztyn, Poland
Email: hello@vibedsgn.com