Privacy Policy
How we handle your data. Plain English, no legalese.
Last updated 22 February 2026
We care about your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Who we are
Vibe Tracker is operated by us ("we", "our", "us"). We're the data controller for the personal data we collect when you use the service.
2. What we collect
Account data: When you sign up, we collect your email address, name (if you provide it), and a hashed version of your password. We never store your actual password; we use a one-way hash so even we can't see it. If you sign in with Google, we receive your email and basic profile info from Google.
Content you create: Everything you log: mood scores (1–10), glimmers, triggers, habits, habit completions, journal notes, and any custom tags you add. This is the core of the service.
Payment data: When you pay for lifetime access, payment is processed by Stripe. We receive confirmation that you've paid and may store a Stripe customer ID so we can link payments to your account. We do not store your card number or full payment details; Stripe handles that.
Technical data: We use session cookies to keep you logged in. We may log basic technical information (like IP address, browser type) for security and to fix problems. We don't do detailed analytics or tracking.
3. How we use your data
We use your data to:
- Provide and run Vibe Tracker (your dashboard, year grid, stats, streaks, calendar, and so on)
- Authenticate you and keep your account secure
- Process payments via Stripe
- Send you transactional emails (like password resets or important service updates)
- Improve the service and fix bugs
- Comply with legal obligations
We do not sell your data. We do not share it with advertisers or data brokers. We do not use it for marketing beyond what you've signed up for.
4. Legal basis
Under UK and EU data protection law, we process your data on these bases:
- Contract: We need your data to provide the service you've signed up for.
- Legitimate interest: We use technical data for security, fraud prevention, and improving the service.
- Consent: Where we send marketing emails (if we do), we'll ask for your consent first.
5. Who we share data with
Stripe: For payment processing. Stripe has its own privacy policy and handles card data according to PCI standards.
Google: If you sign in with Google, we use Google's OAuth. Google's privacy policy applies to what they collect.
Hosting and infrastructure: Your data is stored on servers operated by our hosting provider. They process data on our behalf under strict agreements.
Legal requests: If we're required by law (e.g. court order, subpoena), we may have to disclose data. We'll push back where we can.
We do not sell, rent, or share your data with anyone else.
6. Cookies and sessions
We use a session cookie to keep you logged in. It's essential for the service. It's HTTP-only (not accessible to JavaScript), secure in production (HTTPS only), and set to "SameSite" to reduce cross-site risks. Sessions typically last 7 days unless you log out. We don't use third-party advertising or tracking cookies.
7. Data retention
We keep your data for as long as you have an account. If you delete your account, we'll delete your data within a reasonable period (usually 30 days), except where we're required to keep it for legal reasons.
8. Security
We take security seriously. Passwords are hashed with industry-standard methods. Data is transmitted over HTTPS. We use secure, modern hosting. We don't store sensitive data we don't need. That said, no system is 100% secure; if we become aware of a breach that affects you, we'll notify you as required by law.
9. Where your data is stored
Your data is stored on servers that may be located in the UK, EU, or other regions. If we use providers outside the UK/EU, we ensure appropriate safeguards (such as standard contractual clauses) are in place.
10. Your rights
You have the right to:
- Access: Ask for a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Ask us to delete your data (subject to legal exceptions).
- Portability: Receive your data in a machine-readable format.
- Object: Object to processing based on legitimate interests.
- Withdraw consent: Where we rely on consent, you can withdraw it at any time.
To exercise these rights, contact us. We'll respond within one month. You can also delete your account from your profile if you want to stop using the service.
You have the right to complain to a supervisory authority. In the UK, that's the Information Commissioner's Office (ICO).
11. Children
Vibe Tracker is not intended for children under 13. We don't knowingly collect data from children under 13. If you're a parent and discover your child has used the service, contact us and we'll delete their data.
12. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we'll update the date at the top and, where appropriate, notify you or ask for your consent. Continued use of the service after changes means you accept the updated policy.
13. Contact
Questions about your data or this policy? Get in touch at the contact details on our website.