Privacy policy

1. Who we are

SkyGem, Inc. operates VibeID (collectively, “we”, “us”, “our”). Contact us at privacy@skygem.tech.

2. Data we collect

• Account data: name, email, team information.
• Card content: title, company, avatar, socials, phone.
• Contact captures: data about people who scan your card.
• Usage analytics: anonymized event data via PostHog (no cross-site tracking).
• Error telemetry: stack traces via Sentry with PII scrubbing.

3. How we use your data

To deliver the product, send service emails, improve the product via aggregate analytics, and enforce our terms. We do not sell personal information.

3a. Marketing communications

When you start a card via the “Save your spot” gate on the homepage, we store your email address in a separate marketing leads ledger so we can email you the magic link to finish setup.

• Transactional emails(the magic link, “your draft is here”) are sent without a separate opt-in — they are necessary for the service you requested.
• Marketing emails (product updates, feature launches, occasional tips) are sent only if you ticked the marketing-consent checkbox at the gate. The checkbox is unchecked by default.
• Every marketing email includes a one-click unsubscribe link that points at /unsubscribe. Unsubscribing adds your email to a permanent suppression list — we will not re-add you without explicit consent.
• Un-converted leads (you started but never finished signup) are automatically deleted after 60 days via a daily cron job.
• GDPR / CCPA right-to-erasure requests can be sent to privacy@skygem.tech; we honor them within 30 days. The same request also adds your email to the suppression list.

4. Your rights

• CCPA:California residents can request access, deletion, and opt out of “sale” (we never sell).
• GDPR: EU/UK residents can request access, rectification, erasure, and portability.
• Universal: every user can export or delete their data from Settings → Data.

5. Subprocessors

• Supabase (AWS us-east-1) — application database + storage
• Vercel — marketing site hosting
• PostHog — product analytics
• Sentry — error telemetry
• Cloudflare Workers AI / Groq / DeepSeek — AI features (content not retained by providers)

6. Security

TLS 1.3 in transit, AES-256 at rest. SOC 2 Type II audit in progress via Drata. Responsible disclosure: see security.txt.

7. Changes

We will notify users of material changes at least 30 days before they take effect.