Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Vibe ("Vibe", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use the Vibe platform available at https://vibefm.app and its related dashboard, TV display, and mobile voting pages (together, the "Service").
Vibe is a B2B software-as-a-service (SaaS) platform that lets bars, restaurants, and events offer their audience an interactive music-playlist experience. Venue operators manage a music queue from a web dashboard; the venue's customers scan a QR code to vote on and suggest songs from their phones — no app install and no account required for customers — and a TV screen displays the live playlist while videos play through the official YouTube player.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Vibe uses YouTube API Services
The Service uses YouTube API Services. Specifically, Vibe uses the YouTube Data API v3 (to search for music, retrieve video details such as duration and embeddable status, and import playlists) and the YouTube IFrame Player API (to play videos on the venue's screen).
Because Vibe uses YouTube API Services:
- By using Vibe, you are also agreeing to be bound by the YouTube Terms of Service.
- Your use of YouTube content and features through Vibe is also governed by the Google Privacy Policy (available at http://www.google.com/policies/privacy).
We encourage you to review both the YouTube Terms of Service and the Google Privacy Policy, as they describe how Google and YouTube handle data collected through their services.
2. Who this Policy applies to
Vibe serves two types of users, and we handle their information differently:
- Venue operators — the owners or staff of bars, restaurants, and events who create an account and manage playlists from the Vibe dashboard.
- Venue customers ("voters") — the patrons of a venue who scan a QR code to vote on and suggest songs. Customers do not create a Vibe account and are not required to sign in to YouTube or Google.
Our roles under data-protection law. For venue operator account data, Vibe is the controller and decides how that data is processed. For personal data of venue customers collected through a venue's session, the venue operator is the controller and Vibe acts as a processor / operator (as defined under Brazil's LGPD and comparable laws), processing that data on the venue's behalf and instructions. Each party is responsible for compliance with data-protection law in its role.
3. Information we collect
3.1 Information you provide
From venue operators:
- Account information: name, email address, and password (stored only in hashed form).
- Venue information: venue name, type, and settings you configure.
- Billing information: when you subscribe to a paid plan, payment is processed by our third-party payment provider. We receive limited billing details (such as your plan, transaction status, and the last digits of a card); we do not store full payment-card numbers on our servers.
- Communications: any information you send us by email or through support channels.
From venue customers:
- Optional display name or nickname, if you choose to enter one when voting or suggesting a song.
- The votes you cast and the songs you suggest.
3.2 Information collected automatically
When anyone uses the Service, we and our infrastructure providers may automatically collect:
- Device and connection data such as IP address, browser type, operating system, and language.
- Usage data such as pages viewed, actions taken (e.g., votes and suggestions), timestamps, and session identifiers.
- Cookies and similar technologies (see Section 8).
3.3 YouTube API Data we access and store
To provide the Service, Vibe retrieves and temporarily stores metadata returned by the YouTube Data API for the videos involved in searches, playlists, and the queue. This "API Data" includes:
- YouTube video ID
- Video title
- Channel/artist name
- Duration
- Thumbnail image URL
- Embeddable status
This YouTube metadata is stored in a dedicated cache (a songs_cache table), separate from user account data, and is refreshed periodically (a cache entry has a maximum lifetime of 30 days before it is updated on the next request). We store this metadata only to reduce redundant API calls and to make the Service faster; we do not use it to build profiles of individual people.
Vibe does not request access to any user's private YouTube or Google account data. Vibe accesses only publicly available YouTube data through an application API key and does not use YouTube OAuth "Authorized Data."
4. How we use information
We use the information described above to:
- Provide, operate, and maintain the Service, including music search, playlist management, voting, suggestions, and playback on the venue screen;
- Authenticate venue operators and secure their accounts;
- Process subscriptions and payments;
- Cache YouTube metadata to reduce API usage and improve performance;
- Prevent abuse, fraud, duplicate voting, and other misuse, and to keep the Service secure;
- Analyze and improve the Service and develop new features;
- Communicate with venue operators about their account, updates, and support requests;
- Comply with legal obligations and enforce our Terms of Use.
We do not sell your personal information.
5. How we share information
We share information only as described here:
- Service providers (processors) who help us run the Service under contract, including:
- Google / YouTube — for music search, video metadata, and video playback via YouTube API Services;
- Supabase — our database and authentication infrastructure (PostgreSQL);
- our hosting provider (e.g., Vercel) and our payment processor.
- Legal and safety — when required by applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Vibe, our users, or the public.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
We do not share your personal information with external parties for their own independent advertising purposes.
6. Legal bases and your rights
Depending on where you live, you may have rights over your personal data under laws such as Brazil's LGPD (Lei Geral de Proteção de Dados) and the EU GDPR. These may include the rights to access, correct, delete, port, or restrict processing of your data, and to withdraw consent.
Because Vibe is based in Brazil, we process personal data in accordance with the LGPD. Our legal bases for processing include performance of a contract (providing the Service to operators), your consent (for optional data and cookies), our legitimate interests (security, fraud prevention, and improving the Service), and compliance with legal obligations.
To exercise any of these rights, contact us using the details in Section 12. You may also manage or revoke any Google/YouTube permissions associated with your Google Account at any time via the Google security settings page (available at https://security.google.com/settings/security/permissions).
7. Data retention
- Venue operator account data is retained for as long as the account is active and for a reasonable period afterward to meet legal, tax, and security obligations, after which it is deleted or anonymized.
- YouTube API metadata in the cache is retained for a maximum of 30 days before being refreshed or removed.
- Voting and suggestion data tied to a live session is retained only as long as needed to operate the queue and for limited analytics and abuse prevention.
8. Cookies and similar technologies
Vibe stores, accesses, and collects information directly or indirectly on or from your device, including by placing, accessing, or recognizing cookies and similar technologies on your device or browser. We use them to:
- keep you signed in and maintain your session (essential cookies);
- remember preferences and the venue session you are voting in;
- understand and improve how the Service is used (analytics).
You can control cookies through your browser settings. Blocking essential cookies may prevent parts of the Service from working. Note that YouTube may also set its own cookies when a video is played through the embedded player; that activity is governed by the Google Privacy Policy.
9. Data security
We maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect information against accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure. These include encryption in transit, hashed passwords, access controls, and separation of YouTube metadata from user account data. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
10. Children's privacy
The Service is intended for venues and adult patrons and is not directed to children. We do not knowingly collect personal data from children as defined under applicable law. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.
11. International users and changes
Vibe operates from Brazil and may process and store information in Brazil and in other countries where our service providers operate. By using the Service, you understand that your information may be transferred to and processed in those locations, subject to appropriate safeguards where required.
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
12. Contact us
If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, you can contact the party responsible for Vibe at:
- Email: hiagormf@gmail.com
- Website: https://vibefm.app