← Back to Vibe Cards
1. Controller
This policy describes how PureCodeBase (owner: Nico Wuerthenberger) processes data in Vibe Cards.
Contact email: purecodebase@gmail.com. Provider details are available in the Impressum.
2. Scope
This page applies only to the mobile app Vibe Cards.
3. Data We Process
3.1 Account and Profile Data
- Apple sign-in account identifiers and authentication metadata
- Email address or Apple private relay address if provided by Apple
- Username, optional bio, optional avatar image, and related profile settings
3.2 Card and Creation Data
- Card template, mood, song text, optional song provider, optional song URL, color, short line, obsession text, social energy, and timestamps
- Card visibility status such as private or public
- Publication status used to determine whether a card appears in social surfaces such as Following or Discover
3.3 Social and Moderation Data
- Follow relationships, close-friend links, block relations, reaction activity, and basic social counters
- Reports submitted about public cards or visible social content
- Public profile and public card data that you intentionally choose to expose in-app
3.4 Technical, Analytics, and Ad-Consent Data
- Basic app events and technical metadata required to operate core flows, detect problems, and understand MVP usage
- Consent, privacy-choice, and ad-placement state used for the current AdMob banner setup
- Device and app environment metadata required by integrated SDKs and platform services
4. Public Content and Visibility
- Private cards are intended to remain visible only to the account owner inside the app.
- Public cards may be visible on your public profile or other in-app public surfaces.
- Only cards you explicitly publish are intended to appear in social feed areas such as Following and Discover.
- Other users may view, react to, report, follow, or block public social content as supported by the app.
5. Third-Party Processors / SDKs
- Supabase (authentication, database, and where needed storage services)
- Apple Sign in with Apple and related Apple platform services
- Google AdMob / Google Mobile Ads SDK (banner ad delivery and related measurement)
- Google User Messaging Platform (consent and privacy messaging)
6. Legal Basis and Consent
- Core app operation, account handling, card storage, and social features: contract performance, legitimate interests, or a similar lawful basis where applicable
- Ads, consent handling, and related ad messaging: consent where required by law and platform policy
- The current iOS ad setup is designed around contextual AdMob banner placements. If tracking-related flows are introduced later, the app and this policy may be updated accordingly.
7. Manage Your Privacy Choices
- You can review privacy choices from the Profile area of the app when a consent entry point is required for your region.
- You can control whether a card stays private, becomes public, or is removed from social distribution by changing visibility or publication status in the app.
- You can use block and report tools on public social surfaces where available.
- A public summary of these controls is available here: Privacy Choices.
8. Data Retention
We retain account, card, social, and moderation data for as long as needed to operate the app, maintain safety features, enforce platform rules, or comply with legal obligations. Public interaction and moderation records may be retained longer where necessary for abuse prevention, dispute handling, or compliance.
9. Children's Privacy
Vibe Cards is not intentionally designed to collect personal information from children. If you believe inappropriate data handling has occurred, contact us using the address below.
10. International Transfers
Integrated service providers may process data outside your country. Applicable transfer mechanisms, provider safeguards, and local legal requirements apply where required.
11. Your Rights
- Access, correction, deletion, and objection rights as applicable in your jurisdiction
- Withdrawal of consent at any time, without retroactive effect
- Support or privacy requests via the email address listed below