Privacy Policy

Your data. Our rules.

Last updated April 19, 2026

This Privacy Policy explains how VIBE(a product of ModernGrindTech, LLC, a Virginia limited liability company) collects, uses, discloses, and safeguards information when you visit vibe-market.app (the “Site”), join the waitlist, submit the contact form, or use the VIBE CRM platform (the “Service”). By using the Site or Service you agree to this Policy.

1. What we collect

We collect only what is necessary to operate VIBE, respond to you, and protect the Service from abuse.

Information you provide

  • Marketing forms: email address, optional name, the context of your submission (waitlist vs. contact), and the content of any message you send us.
  • Account data: name, email, hashed password (never stored in plaintext), organization name, role, and any profile fields you add.
  • CRM data you upload: contacts, deals, pipelines, tasks, emails, SMS logs, call recordings, uploaded files. This is your data -- we process it on your behalf under the Service agreement.

Information we collect automatically

  • Technical logs: IP address, user-agent, request timestamp, and referring URL. Used for rate limiting, security forensics, and debugging. Logs are retained for up to 30 days.
  • Session cookies: strictly necessary cookies for authentication (Better Auth). We do not set third-party advertising cookies.

2. How we use it

  • Operate, maintain, and secure the Site and Service.
  • Respond to your waitlist or contact form submission -- typically with one reply from a human on our team within one business day.
  • Send transactional emails related to your account (password resets, billing receipts, security alerts).
  • Send launch updates and founding-member access emails if you joined the waitlist. You can unsubscribe at any time.
  • Detect and prevent fraud, abuse, spam, and unauthorized access.

3. Processors we rely on

We use a small set of reputable sub-processors. Each has their own privacy commitments and is bound by data-processing terms with us.

  • Neon -- managed PostgreSQL (US East region) hosts your account data, CRM records, and marketing-form submissions.
  • Vercel -- application hosting, edge middleware, and request logs.
  • Resend (primary) and Postmark (fallback) -- transactional email delivery.
  • Stripe -- subscription billing and payment processing. We never receive full card numbers.
  • Twilio -- optional SMS and voice features for paid tenants.
  • Intuit / QuickBooks Online -- optional financial sync for paid tenants who enable the integration.

4. Multi-tenant isolation

VIBE is multi-tenant by design. Every table in our database carries a tenant_id that is enforced at the ORM layer (Prisma middleware) and in our application code. Your CRM data is never exposed to another tenant. Platform-level admins at ModernGrindTech can access metadata (sign-up timestamps, billing status, audit logs) for support and abuse investigations, but do not browse tenant CRM contents absent a support ticket or legal process.

5. How long we keep data

  • Marketing-form submissions: retained until you ask us to delete them or indefinitely if you become a customer.
  • Account + CRM data:retained while your account is active and for up to 30 days after account deletion, after which it’s permanently erased.
  • Request logs: 30 days.
  • Billing records: up to 7 years to comply with tax and accounting obligations.

6. Your rights

Depending on where you live, you may have rights under GDPR (EU/UK), CCPA/CPRA (California), or similar state laws (Virginia, Colorado, Connecticut, Utah, etc.).

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your data (right to erasure).
  • Export your data in a portable format.
  • Opt out of marketing emails (every marketing email includes an unsubscribe link).
  • Object to or restrict certain processing.

To exercise any of these rights, reach out via the contact formand we’ll respond within 30 days.

7. Security

We use TLS for all traffic, hashed-and-salted passwords, CSRF protection on mutating routes, per-IP rate limits, encrypted integration tokens, and principle-of-least-privilege access to production systems. No system is perfectly secure -- if you discover a vulnerability, please email us responsibly before public disclosure.

8. Children

VIBE is a business tool and is not directed at children under 13. We do not knowingly collect information from children. If you believe we have, contact us and we will delete it.

9. Changes to this policy

We may update this Policy from time to time. Material changes will be announced via email to account holders and posted here with a new “last updated” date.

10. Contact

ModernGrindTech, LLC -- Virginia, USA. Send us a message.