Privacy and Data Protection

Data We May Collect

• Learning and academy applications: name, email, skill level, goals, proof links, and cohort fit notes.
• Builder profiles: skills, location, projects, certifications, proof artifacts, availability, and reviews.
• Community access: WhatsApp invite requests, moderation notes, demo-day participation, and safety reports.
• Client and partner workflows: proposal requests, project scope details, invoices, and communication history.
• Security and diagnostics: basic logs needed to protect the website, prevent abuse, and fix errors.

Your Rights

• Ask what personal data we hold about you.
• Request correction of inaccurate profile, contact, or proof information.
• Ask us to delete data where retention is no longer needed or legally required.
• Object to certain processing or withdraw consent for optional community and marketing messages.
• Ask for a practical export of information you supplied to VibeCoded.

Lawful bases

• Consent for optional community invites, marketing updates, and public profile submissions.
• Contract or pre-contract steps for cohort applications, support, invoices, receipts, and paid services.
• Legitimate interest for abuse prevention, site security, proof verification, moderation, and product improvement.
• Legal obligation for tax, accounting, dispute, and regulatory records once payments or contracts exist.

Retention Windows

• Cohort and community requests: kept for up to 24 months unless you ask for deletion earlier or a dispute requires retention.
• Public builder profile corrections: retained while the profile exists, plus up to 24 months for dispute and false-claim prevention.
• Payment records after payment launch: retained for up to 7 years where accounting, tax, refund, processor, or dispute rules require it.
• Security logs: kept for up to 180 days unless an abuse, fraud, or incident investigation requires longer retention.

Processors and Transfers

• Email providers used to receive applications, support requests, and privacy requests.
• WhatsApp or community platforms used only after a member requests or accepts an invite.
• Payment processors such as Paystack, Flutterwave, Stripe, or bank transfer rails when payments go live.
• Hosting, analytics, uptime, and error-monitoring providers needed to run the website safely.

When a provider stores data outside Nigeria, VibeCoded uses reputable processors and limits shared data to the purpose required for applications, community operations, payments, security, or support.

Community and Builder Profile Data

Public builder profiles should only contain information a builder intentionally submits or verifies: skills, projects, proof links, certifications, reviews, availability, and location at city or state level. Sensitive documents used for verification should not be published on profile pages.

Retention and Deletion

Contact requests and application notes should be retained only as long as needed for support, screening, audits, dispute handling, legal obligations, or legitimate operating records. Builders can request removal or correction of public profile information.

Requests, incidents, and complaints