Privacy Policy
Last updated: 4 June 2026
1. Controller
VibePodz is the data controller responsible for your personal data collected via vibepodz.com. Contact: [email protected].
2. What data we collect
- Order data: name, email, shipping address (where requested), order contents, total.
- Payment data: processed directly by Stripe. We only receive a payment status and the last 4 digits / brand of the card. We never see or store full card numbers.
- Account data (if you create one): email, hashed password or OAuth identifier.
- Communications: emails you send us and our replies; email open/click events for the messages we send (order confirmation, abandoned cart reminders).
- Technical data: IP address, browser type, device, pages viewed, timestamps. Used for security and analytics.
- Marketing consent: if you opt in at checkout, we record that consent and the timestamp.
3. Why we use it (legal bases)
- To perform the contract — process orders, send your deal links, handle support (Art. 6(1)(b) GDPR).
- Legal obligation — accounting, tax, fraud prevention (Art. 6(1)(c)).
- Legitimate interest — site security, fraud detection, basic analytics, recovering abandoned carts of existing customers (Art. 6(1)(f)).
- Consent — non-essential cookies and marketing emails to non-customers (Art. 6(1)(a)). You can withdraw consent at any time.
4. How long we keep it
- Order & invoicing data: 7 years (statutory tax retention).
- Account data: until you delete your account, then removed within 30 days.
- Abandoned cart records: up to 90 days after the last activity.
- Email logs & suppression list: up to 24 months for deliverability.
- Analytics data: aggregated and anonymised after 14 months.
5. Who we share data with (processors)
We only share data with vetted processors under a data processing agreement:
- Stripe — payment processing.
- Supabase (Lovable Cloud) — database, authentication and hosting of backend functions.
- Brevo — transactional & marketing email delivery.
- Cloudflare — CDN, edge hosting and DDoS protection.
Some of these providers may process data outside the EEA. Where they do, transfers are covered by the European Commission’s Standard Contractual Clauses or an adequacy decision.
6. Cookies
We use strictly necessary cookies to make the shop and cart work. Analytics cookies are only set after you accept them in the cookie banner. You can change your choice at any time by clearing cookies for vibepodz.com.
7. Your rights (GDPR)
You have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- request deletion (“right to be forgotten”);
- restrict or object to processing;
- data portability;
- withdraw consent at any time;
- lodge a complaint with your local data protection authority (in NL: Autoriteit Persoonsgegevens).
To exercise any of these rights, email [email protected]. We respond within 30 days.
8. Marketing emails
We only send marketing or abandoned-cart emails when you have given consent at checkout or are an existing customer. Every email contains a one-click unsubscribe link, which we honour immediately.
9. Security
We use HTTPS everywhere, encrypted database storage, hashed passwords, role-based access control and signed webhook verification for payments. No system is 100% secure, but we apply industry-standard measures to protect your data.
10. Changes
We may update this policy. The “last updated” date at the top reflects the current version. Material changes will be announced on the site.
