Privacy Policy

Last updated: February 20, 2026

Viibo LLC ("Viibo," "we," "us," or "our") operates the Viibo mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using Viibo, you consent to the practices described herein.

1. Information We Collect

We collect several categories of information to provide and improve the Service. Below is a detailed breakdown.

1.1 Account Information

  • Name, email address, and profile photo provided via Google Sign-In or other authentication methods
  • Username, bio, and social links you add to your profile
  • Avatar media (photos and motion videos you upload for your profile)

1.2 Vibe DNA Profile Data

  • Quiz responses: Answers to the Vibe DNA quiz that determine your vibe preferences
  • Dimension scores: Computed scores across five vibe dimensions (romantic, trendy, cozy, loud, eyeCheck)
  • Archetype assignment: Your primary and secondary vibe archetype derived from quiz results and behavioral signals
  • Vibe preference updates: Changes to your vibe profile over time as you retake quizzes or adjust preferences

1.3 Check-In and Behavioral Data

  • Vibe check-ins: Venues you check in to, timestamps, and vibe ratings you assign
  • Content interactions: Posts you create, photos and videos you upload, reviews, and ratings
  • Social activity: Follows, likes, comments, saves, shares, and space memberships
  • Streak data: Consecutive daily check-in counts and milestone achievements
  • Badge progress: Gamification data including badge unlocks and leaderboard participation

1.4 Implicit Behavioral Signals

To improve recommendations and vibe matching, we collect implicit signals about how you interact with the Service:

  • Browsing behavior: Which posts, spots, and spaces you view
  • Dwell time: How long you spend viewing particular content
  • Scroll patterns: Feed engagement depth and interaction frequency
  • Save and bookmark actions: Content you save for later
  • Search queries: What you search for within the app

1.5 Location Data

  • Precise location: Collected only when you perform a vibe check-in at a venue, and only with your explicit permission
  • Approximate location: Used for nearby venue recommendations, district-based content filtering, and AI planner suggestions. Derived from IP address or coarse device location

1.6 Device and Technical Data

  • Device type, operating system, and version
  • App version and build number
  • IP address and general geographic region
  • Browser type and version (for web users)
  • Push notification tokens (if you enable notifications)
  • Crash reports and performance diagnostics (via Sentry)

1.7 Payment Information

If you subscribe to premium features or participate in creator monetization, payment processing is handled entirely by Stripe. We do not store your credit card numbers or bank account details on our servers. We receive only transaction confirmations, subscription status, and payout summaries from Stripe.

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Personalize your experience through vibe matching and content recommendations
  • Generate and display vibe match scores between you and venues
  • Power the AI planner to create personalized outing plans
  • Process check-ins and compute community vibe ratings for venues
  • Track gamification progress (badges, streaks, leaderboards)
  • Send important account notifications (security alerts, policy updates)
  • Send streak reminders and engagement notifications (with your consent)
  • Detect, prevent, and address fraud, abuse, or policy violations
  • Generate anonymized, aggregate analytics to understand Service usage trends
  • Improve and train our algorithms using anonymized and aggregated data (see Section 3)
  • Respond to support requests and communicate with you

3. AI and Machine Learning

Viibo uses artificial intelligence and machine learning to deliver core features of the Service. This section explains how your data interacts with our AI systems.

3.1 Vibe DNA Profiling

When you complete the Vibe DNA quiz, your answers are combined with implicit behavioral signals (such as check-in history and content interactions) to compute scores across five vibe dimensions: romantic, trendy, cozy, loud, and eyeCheck. These dimension scores determine your vibe archetype (e.g., primary and secondary personality archetypes). This profile is used to calculate how well you match with specific venues and to personalize your feed, explore page, and recommendations.

3.2 Vibe Scoring Algorithms

Vibe match scores displayed on posts and venue cards are algorithmically generated. These scores compare your personal vibe dimension scores against the community-contributed vibe ratings for each venue. The algorithm considers your quiz answers, check-in history, and behavioral patterns. Vibe match scores are categorized into tiers (Great Match, Good Match, Low Match) using defined thresholds.

3.3 AI Planner

The AI planner feature uses your vibe preferences, location, past check-in history, and the prompt you provide to generate personalized outing recommendations (e.g., date night plans, brunch routes, group outings). To generate these plans, your prompt and relevant contextual data are sent to third-party AI services (see Section 4.2). The AI planner does not share your identity with these services; only the content of your request and anonymized preference context are transmitted.

3.4 AI Model Training and Improvement

We use anonymized and aggregated user data to improve our vibe scoring algorithms, recommendation quality, and content ranking models. This includes aggregated check-in patterns, vibe rating distributions, and engagement signals. Individual user data is never used in identifiable form for model training. You cannot be re-identified from the aggregated datasets used for training.

3.5 Automated Decision-Making

Certain features of the Service involve automated decision-making:

  • Vibe match scores are computed algorithmically and displayed without human review
  • Feed ranking uses algorithmic signals to order content in your home feed and explore page
  • Badge and streak awards are automatically computed based on defined thresholds
  • Content moderation flags may be algorithmically triggered for human review

These automated decisions do not have legal or similarly significant effects. If you would like an explanation of how a specific algorithmic decision was made regarding your account or content, you may contact us at privacy@viibo.app and we will provide a meaningful explanation within 30 days.

4. Third-Party Services

4.1 Infrastructure and Analytics

  • Google OAuth for authentication (sign-in via Google)
  • MongoDB Atlas for application data storage (hosted in the United States)
  • Vercel for web hosting and analytics
  • Sentry for error tracking and crash reporting
  • Stripe for payment processing, subscription management, and creator payouts via Stripe Connect

4.2 Third-Party AI Services

Certain features of the Service rely on third-party AI providers:

  • OpenAI — Powers AI planner conversation and recommendation generation
  • Google Generative AI (Gemini) — Used for AI chat and planning features
  • LiteLLM — Used as a routing layer for AI model selection

When you use AI-powered features (such as the AI planner or AI chat), the text of your prompts and relevant contextual data (such as your vibe preferences and approximate location) may be sent to these third-party AI providers to generate responses. We do not send your name, email, or account identifiers to these providers. Each third-party AI provider processes data according to their own privacy policies and data processing agreements with Viibo LLC.

4.3 Third-Party Links

The Service may contain links to third-party websites or services (e.g., booking providers, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal information.

5. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your data only in the following circumstances:

  • With your consent: When you explicitly authorize sharing (e.g., sharing a post publicly, joining a public space)
  • Service providers: With vendors who process data on our behalf to operate the Service (hosting, analytics, payment processing, AI services), subject to confidentiality and data processing agreements
  • Legal obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • Safety and enforcement: To protect the rights, property, or safety of Viibo LLC, our users, or the public; or to enforce our Terms of Service
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred to the successor entity
  • Aggregated data: In anonymized, aggregated form that cannot reasonably identify you, for research, analytics, or business purposes

6. Cookies, Tracking, and Analytics

6.1 Cookies and Session Management

The Viibo web application uses cookies and similar technologies for session management (keeping you logged in) and to remember your preferences (such as dark mode settings). These are essential cookies required for the Service to function properly.

6.2 Analytics

We use Vercel Analytics to collect anonymized, aggregate usage data about how visitors interact with our website. Vercel Analytics does not use cookies and does not collect personally identifiable information. This data helps us understand traffic patterns and improve the Service.

6.3 Error Monitoring

We use Sentry for real-time error tracking and performance monitoring. Sentry may collect device information, OS version, app version, and stack traces when errors occur. This data is used solely for debugging and improving app stability.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service. Specific retention periods include:

  • Account data: Retained until you delete your account
  • Check-in and vibe data: Retained while your account is active; anonymized aggregate contributions to venue ratings may persist after account deletion
  • AI planner conversations: Retained for up to 90 days, then automatically deleted
  • Technical logs: Retained for up to 90 days for security and debugging purposes

If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or necessary to resolve disputes, enforce agreements, or protect our legal rights. Anonymized, aggregated data that cannot identify you may be retained indefinitely.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS
  • Encryption at rest: Database storage is encrypted using provider-managed encryption (MongoDB Atlas, Vercel)
  • Authentication security: Session-based authentication with secure token management; passwords are never stored (OAuth-based login)
  • Access controls: Role-based access controls limit internal access to user data to authorized personnel only
  • Rate limiting: API rate limiting to prevent abuse and brute-force attacks
  • Error monitoring: Real-time error and anomaly detection via Sentry
  • Secure payment handling: All payment data is processed by Stripe and never touches our servers

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 General Rights (All Users)

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data (available in-app via Settings or by contacting us)
  • Data portability: Request a machine-readable copy of your data
  • Algorithmic explanation: Request an explanation of how automated decisions (such as vibe match scores or feed ranking) are made about you

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting the information, and the categories of third parties with whom we share it
  • Right to delete: You may request that we delete personal information we have collected from you, subject to certain legal exceptions
  • Right to correct: You may request that we correct inaccurate personal information
  • Right to opt-out of sale or sharing: We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. There is no need to opt out because we do not engage in these practices
  • Right to limit use of sensitive personal information: We only use sensitive personal information (such as precise location) for the purposes disclosed in this policy
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive a different level of service or pricing for exercising these rights

To exercise your CCPA/CPRA rights, contact us at privacy@viibo.app or use the account deletion feature in Settings. We will verify your identity before processing your request and respond within 45 days.

9.3 Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out. We honor these rights consistent with applicable law. To exercise your rights, contact us at privacy@viibo.app.

10. International Data Transfers

Viibo LLC is based in the United States. If you access the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your data to the United States. Where required by applicable law, we implement appropriate safeguards (such as standard contractual clauses) to protect transferred data.

11. Children's Privacy

Viibo is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@viibo.app.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email or in-app notification. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For privacy rights requests, we will respond within 30 days (or 45 days for CCPA requests, with the possibility of a 45-day extension with notice).