Privacy Policy

Effective: 2026-05-05 · ViberWorld.com

This Privacy Policy describes how ViberWorld.com ("ViberWorld", "we", "us") collects, uses, shares, and retains information when you use the Service (defined in our Terms of Service). Capitalized terms not defined here have the meaning given in the Terms.

BY USING THE SERVICE, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS POLICY. If you do not consent, do not use the Service.

1. Information We Collect

1.1 Information you provide

Account information: email address, handle, display name, password (hashed with Argon2id), avatar choice, theme preference, and other profile fields you fill in.
User Content: posts, comments, direct messages, chat messages, voice recordings, uploads, profile bio, badge customizations, votes, reactions, and any other content you submit.
Tool inputs: URLs you scan, code you paste, prompts you enter, configurations you build, scores you generate, and similar data submitted to our 27 tools.
Communications with Vibester: the full text of every direct message you send to our AI staff member Vibester, every @-mention of her, and every interaction the cron worker logs in the vibester_interactions table. See Section 3 below.
Payment information: we do not store full payment card details on our servers; payments are processed by third-party processors. We do retain a token, the last four digits, the billing zip code (if provided), the amount, and the timestamp of each transaction.
Support / contact correspondence: any email or message you send us.
Lead-form submissions: if you submit a "Have ViberWorld fix this" request from the AI-Readiness Scanner or any similar lead form, we capture the URL scanned, the score, the categories, your account email, and any message you wrote.

1.2 Information we collect automatically

Usage data: pages viewed, features used, tools run, links clicked, search queries entered, time on site, friend graph, online presence, and similar telemetry.
Device and connection data: IP address, user-agent string, browser type, operating system, screen size, language, time zone, referrer URL.
Cookies and similar technologies: session cookies for authentication, CSRF cookies for security, and any analytics or fraud-prevention cookies set by us or our service providers (e.g., Cloudflare).
Log data: server access logs, error logs, mail logs, audit logs, AI action logs, rate-limit counters, and security event logs.
Inferred data: profile information our AI builds about you over time from your interactions, including inferred personality, interests, skill level, goals, pain points, tier-upgrade signals, tool affinities, and a sales-likelihood score. See Section 3.

1.3 Information from third parties

We may receive information from third-party services you connect to your account, payment processors confirming transactions, fraud-prevention vendors, and publicly-available sources where lawful.

2. How We Use Information

We use the information described above to:

Operate, provide, maintain, secure, and improve the Service;
Authenticate users, prevent fraud, enforce our Terms, and respond to security incidents;
Process payments, fulfill subscriptions, manage refunds and chargebacks;
Personalize content, recommendations, and AI replies (including using AI-built profiles to personalize Vibester's responses to you);
Send transactional emails (verification, password reset, account notices, payment receipts) and operational notifications;
Send marketing communications about the Service (you may opt out of non-transactional emails at any time);
Identify sales opportunities, build target audiences, and pitch upgrades to you (including via Vibester);
Train, fine-tune, evaluate, and improve our AI features (via prompts, retrieval, profile-building, evaluation runs, and safety review);
Comply with law, respond to lawful requests, and assert or defend legal claims;
Conduct research, analytics, business planning, and other lawful business purposes.

3. AI / Vibester Specific Disclosures

Because the Service includes AI features, we disclose the following:

When you direct-message Vibester, mention @vwbuilderbot in public posts/comments/chat, or interact with any AI tool, your message and surrounding context are sent to a third-party language-model provider (currently OpenRouter, which routes to underlying models including but not limited to those from Nvidia, Meta, Google, Anthropic, OpenAI, and others). Different models may receive your data at different times based on routing rules.
We log every Vibester interaction in our database. Logs include the message you sent, Vibester's reply, timestamps, and metadata.
We use those logs, on a periodic basis, to feed an AI profile-building process that infers your personality, interests, goals, pain points, and likelihood to purchase. Admins can view this profile and use it to identify upselling and outreach opportunities. The profile is admin-internal and is not shown to you, but is used to personalize Vibester's replies and the platform's marketing toward you.
Vibester does not read private user-to-user direct messages between two non-Vibester accounts. She only reads messages addressed to her, public posts/comments where she is mentioned, and public chat where she is mentioned.
Vibester moderates public surfaces (VibeBoard posts, public chat, comments) and may auto-flag content to admins for human review. She does not autonomously delete content.
The accuracy of any AI-generated profile, score, recommendation, or reply is not guaranteed. AI features may produce incorrect inferences about you.
Founder content (account id 1) is excluded from automated AI moderation, profiling, and certain other AI processes.

4. How We Share Information

We share information only as described below. We do not sell personal information for monetary consideration.

Recipient	What	Why
Service providers (hosting, email, payment, AI/LLM, analytics, fraud)	Whatever is necessary for the function	To operate the Service on our behalf, under contracts requiring confidentiality and limited use
OpenRouter and underlying model providers	The text content of your AI interactions and supporting context	To generate AI replies and decisions
Other ViberWorld users	Your public profile, public posts, public chat messages, comments, badges	That's the public part of the platform
Recipient of a DM, group chat, or friend request you initiated	The content you sent them	That is the point of sending it
Law enforcement, courts, regulators	Whatever is requested by valid legal process or required to protect our rights, the safety of any person, or the integrity of the Service	Legal compliance
An acquirer, successor, or financing party	All Service data, in connection with a merger, acquisition, financing, asset sale, bankruptcy, or similar transaction	Business continuity
Aggregated or de-identified recipients	Aggregated, anonymized, or de-identified data	Research, analytics, marketing, product

5. Cookies and Tracking

We use cookies and similar storage technologies for:

Strictly necessary: session authentication (the vwsess cookie), CSRF protection (the vwcsrf cookie), preference storage. The Service cannot function without these.
Analytics & performance: understanding how the Service is used.
Fraud prevention: detecting bots, abuse, and account takeover attempts.
Third-party CDN / WAF (e.g., Cloudflare): may set its own cookies for security and performance purposes.

You can configure your browser to refuse cookies; doing so may break authentication and other essential features. We do not currently honor "Do Not Track" browser signals.

6. Data Retention

We retain information for as long as we deem necessary to operate the Service, comply with legal obligations, resolve disputes, enforce our Terms, prevent fraud, and protect the safety of users. Specific retention practices include:

Account data: retained while your account is active and for a reasonable period after deletion (typically up to 7 years for tax / dispute / regulatory reasons).
User Content: retained per Section 5.4 of the Terms; we may retain copies after deletion in backups, audit logs, and derived datasets.
AI interaction logs and AI-built profiles: retained indefinitely unless deleted per a verified user request.
Payment records: retained as long as required by tax and accounting law.
Security and audit logs: retained as long as we deem necessary for security purposes.
Backups: may retain deleted data for the rolling backup window (typically up to 90 days).

7. Your Choices

Account info: you can update or delete most account fields in Account Settings.
Account deletion: you can request account deletion through the platform or by contacting [email protected]. Deletion may not remove all derived data, backups, or logs; see Section 6.
Email preferences: you can opt out of non-transactional emails through the link in those emails. You cannot opt out of transactional / operational emails (verification, security, payment, account closure) while you maintain an account.
Visibility: you can adjust the visibility of your profile, posts, and online presence on a per-feature basis where supported.
Cookies: use your browser settings; note functional impact above.

8. Regional Privacy Rights (Summary)

Depending on where you live, you may have additional rights under local privacy laws (e.g., the EU/UK GDPR, the California Consumer Privacy Act / CPRA, the Virginia CDPA, the Colorado CPA, the Connecticut CTDPA, Brazil's LGPD, Canada's PIPEDA, and others). These rights may include the right to access, correct, delete, restrict, or object to certain processing of your personal information, the right to data portability, the right to non-discrimination for exercising privacy rights, and the right to lodge a complaint with a regulator.

To exercise any such rights, contact us at [email protected]. We will respond as required by applicable law. We may need to verify your identity before fulfilling a request.

9. International Data Transfers

The Service is operated from the United States and Europe and may process data in any country where we or our service providers operate. By using the Service, you consent to your information being transferred to, processed in, and stored in any such country, which may have data-protection laws different from your country of residence.

10. Security

We implement reasonable technical and organizational measures intended to protect personal information, including TLS in transit, hashed passwords, role-based access controls, audit logging, rate limits, jail/lockout systems, two-factor authentication where available, and operational hardening (firewall, fail2ban, suExec). However, no system is perfectly secure. You acknowledge and accept the inherent risks of providing information online.

11. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13 without verifiable parental consent, we will delete it. If you believe a child has provided information to us, contact [email protected].

12. Third-Party Sites and Services

The Service may contain links to or integrations with third-party sites and services that we do not control. Their privacy practices are governed by their own policies, not this one. We are not responsible for the practices of any third party.

13. Changes to This Policy

We may update this Policy at any time. We will post the revised version on the Service. Your continued use after a change constitutes acceptance of the updated Policy. If you do not agree to a change, your only remedy is to stop using the Service and delete your account.

14. Contact

Questions or requests concerning this Policy: [email protected]