Privacy Policy

    1. Introduction

    Welcome to Vybes Studio, operated by Island Reservations LLC dba Vybes Productions ("we," "us," or "our"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

    This Privacy Policy applies to all users of our website and related services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

    2. Information We Collect

    We collect various types of information to provide and improve our Service:

    2.1 Account Information

    • Email address: Required for account creation, login, and communication
    • Password: Securely hashed and stored for authentication
    • Google account data: If you sign in via Google OAuth, we receive your email and basic profile information
    • User ID: A unique identifier assigned to your account

    2.2 Behavioral and Analytics Data

    To improve our content offerings and user experience, we track:

    • Asset views: We record which photos and videos you view, including timestamps
    • Search activity: We log search terms you enter and filters you apply (media type, category, location, tags)
    • Search result counts: The number of results returned for each search
    • Session identifiers: For guest users, we generate random session IDs (not personally identifiable) to associate browsing activity
    • Page views: We track which pages you visit and how you navigate through the site
    • Cart activity: We monitor items added to or removed from your cart
    • Checkout events: We record when checkout processes are initiated

    2.3 Visitor Session Data

    We collect session-level data to understand how visitors interact with our platform:

    • Session timing: When sessions start and last activity timestamps
    • Geographic data: Country and city information derived from your IP address
    • User agent: Browser and device information

    Note: We exclude tracking for internal development and preview environments to ensure analytics reflect genuine user activity only.

    2.4 Shopping and Transaction Data

    • Cart items: For logged-in users, items in your cart are stored in our database; for guests, cart data is stored locally in your browser
    • Purchase history: Records of all completed orders, including media items, resolution, format, and pricing
    • Order details: Order numbers, timestamps, payment status, and any applied promo codes
    • Promo code usage: We track which promotional codes you've used and how many times
    • Download activity: Number of downloads and download expiration dates for purchased content

    2.5 Contact Form Submissions

    When you contact us through our website, we collect:

    • Your name
    • Email address
    • Subject/inquiry type
    • Message content

    2.6 Technical and Security Data

    • IP address: Used for rate limiting, fraud prevention, and security purposes
    • Request metadata: Timestamps and request counts for security monitoring
    • Browser and device information: Standard web server logs may include browser type, operating system, and device information

    3. How We Use Your Information

    We use the information we collect for the following purposes:

    3.1 Service Provision

    • To create and manage your account
    • To authenticate your identity when you log in
    • To display your cart and purchase history
    • To deliver purchased media files

    3.2 Transaction Processing

    • To process payments through our payment processor (Stripe)
    • To validate and apply promotional codes
    • To send order confirmation emails and receipts
    • To manage download access and expiration

    3.3 Customer Support

    • To respond to your inquiries and support requests
    • To communicate important updates about your account or purchases

    3.4 Analytics and Improvement

    • To analyze which content is most popular and engaging
    • To understand how users search for and discover content
    • To improve our search functionality and content recommendations
    • To identify trends and optimize our media offerings

    3.5 Security and Fraud Prevention

    • To implement rate limiting and prevent abuse
    • To detect and prevent fraudulent transactions
    • To protect the security and integrity of our Service

    4. Information Sharing and Disclosure

    We do not sell your personal information. We may share your information only in the following circumstances:

    4.1 Third-Party Service Providers

    We use trusted third-party services to operate our platform:

    • Stripe: Payment processing – receives your payment information directly (we do not store credit card numbers)
    • Amazon Web Services (AWS S3): Cloud storage for media files
    • Supabase: Database and authentication infrastructure
    • Resend: Email delivery for order confirmations and contact form responses
    • Vercel: Website hosting and content delivery

    4.2 Legal Requirements

    We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

    4.3 Business Transfers

    In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

    5. Data Storage and Security

    5.1 Where We Store Your Data

    Your data is stored on secure cloud infrastructure primarily located in the United States. Our database is hosted on Supabase with industry-standard security measures.

    5.2 Security Measures

    • All data transmitted to and from our Service is encrypted using TLS/SSL
    • Passwords are securely hashed using industry-standard algorithms
    • Database access is protected by Row Level Security (RLS) policies
    • Rate limiting protects against brute force and denial-of-service attacks
    • Administrative access requires authenticated admin roles

    5.3 Data Retention

    • Account data: Retained as long as your account is active
    • Purchase records: Retained indefinitely for licensing verification and legal compliance
    • Analytics data: Search logs and view tracking may be retained for up to 2 years
    • Rate limit records: Automatically cleaned up after 24 hours

    6. Cookies and Local Storage

    6.1 What We Use

    • Authentication cookies: Essential cookies to keep you logged in during your session
    • Local storage (guest cart): If you are not logged in, your shopping cart is stored in your browser's local storage
    • Session identifiers: Random identifiers stored in your browser to associate anonymous browsing activity for analytics purposes
    • Theme preference: Your light/dark mode preference is stored locally

    6.2 Third-Party Cookies

    Our payment processor (Stripe) may set cookies for fraud detection and security purposes.

    7. Your Rights and Choices

    Depending on your location, you may have certain rights regarding your personal information:

    7.1 Access Your Data

    You can view your account information, order history, and purchases at any time by logging into your account.

    7.2 Request Deletion

    You may request deletion of your account and associated personal data by contacting us through our Contact page. Note that we may retain certain information as required by law or for legitimate business purposes (such as purchase records for licensing verification).

    7.3 Opt-Out Options

    • You can clear your browser's cookies and local storage at any time
    • You can browse without creating an account (note: some features require login)
    • You can request to opt out of analytics tracking by contacting us

    7.4 Data Portability

    You may request a copy of your personal data in a structured, commonly used format by contacting us.

    7.5 California Residents (CCPA)

    California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete, and the right to opt-out of sales (we do not sell personal information).

    7.6 European Users (GDPR)

    If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction, data portability, and the right to object. To exercise these rights, please contact us.

    8. International Data Transfers

    Our Service is operated from the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

    By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

    9. Children's Privacy

    Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

    10. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:

    • Update the "Last Updated" date at the top of this policy
    • Post a notice on our website or notify registered users via email for significant changes

    We encourage you to review this Privacy Policy periodically.

    11. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our Contact page.

    We will respond to your inquiry within a reasonable timeframe.