Privacy Policy
Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.
Last updated May 2026
1. Introduction
VibeReception ("we," "us," or "our") provides an AI-powered receptionist service for beauty salons. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our platform at vibereception.com (the "Service").
By using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.
2. Information We Collect
We collect the following categories of personal information:
Account Information
- Instagram account details (username, profile information) via Instagram Login
- Email address and name associated with your Instagram account
- Salon business information (name, address, services, operating hours)
Customer Data
- Names, phone numbers, and email addresses of your salon's customers
- Instagram handles of customers who message your salon
- Booking history and appointment details
Conversation Data
- Instagram Direct Message content exchanged between your salon and its customers
- AI-generated responses produced by the Service
Payment Information
- Billing details processed through Stripe (we do not store full credit card numbers on our servers)
- Subscription status and payment history
Usage & Analytics Data
- Device information, browser type, and IP address
- Pages visited, features used, and interaction patterns
- Referral source and marketing attribution data
3. How We Use Your Information
- AI-Powered Conversations: Instagram DM content is sent to Anthropic's Claude API to generate intelligent replies on behalf of your salon. Messages are processed in real time and are not used by Anthropic to train their models.
- Appointment Booking: Customer information and booking requests are used to create, reschedule, and manage appointments via Google Calendar integration.
- Payment Processing: Subscription billing is handled through Stripe to manage your account and process monthly payments.
- Transactional Emails: We use Resend to deliver account-related notifications such as booking confirmations and account updates.
- Service Improvement: Analytics data helps us understand usage patterns and improve the Service.
- Customer Support: We use your information to respond to inquiries and resolve issues.
4. Third-Party Services
We share personal information with the following third-party service providers, each acting as a data processor on our behalf:
- Anthropic — AI language model provider. Receives DM conversation content to generate replies.
- Stripe — Payment processing. Receives billing and payment information.
- Resend — Email delivery. Receives email addresses for transactional emails.
- Google Calendar — Appointment management. Receives booking details and customer names.
- Meta (Instagram) — Platform integration. We access Instagram DMs via Meta's Messaging API.
- Google Analytics (GA4) — Website analytics. Collects anonymized usage data via cookies.
- Meta Pixel — Advertising analytics. Tracks conversions for ad optimization.
- Google Ads — Server-side conversion tracking for advertising performance measurement.
5. Cookies & Tracking
We use cookies and similar technologies for the following purposes:
- Essential Cookies: Authentication tokens and session management required for the Service to function.
- Analytics Cookies: Google Analytics (GA4) cookies to understand how visitors use our site.
- Advertising Cookies: Meta Pixel and Google Ads cookies for conversion tracking and ad measurement.
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.
6. Data Retention
- Account Data: Retained for as long as your account is active, plus 30 days after deletion to allow for account recovery.
- Conversation Data: Instagram DM content and AI-generated replies are retained for the duration of your active subscription. Conversations are deleted within 30 days of account closure.
- Customer Records: Customer names, contact details, and booking history are retained for as long as your account is active and deleted within 30 days of account closure.
- Payment Records: Transaction records may be retained for up to 7 years as required by applicable tax and financial regulations.
- Analytics Data: Anonymized analytics data may be retained indefinitely for aggregate trend analysis.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request a machine-readable export of your data.
- Objection: Object to processing of your data for certain purposes, including direct marketing.
- Restriction: Request that we limit processing of your data in certain circumstances.
To exercise any of these rights, contact us at darling@vibereception.com. We will respond within 30 days.
8. Data Deletion
You may request deletion of your data at any time. For Instagram-specific data deletion requests, please visit our Data Deletion page. You can also request full account and data deletion by emailing darling@vibereception.com.
Upon receiving a valid deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
9. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following lawful bases:
- Contract Performance: Processing necessary to provide the Service you have subscribed to (account management, AI conversations, booking).
- Legitimate Interest: Analytics and service improvement, fraud prevention, and customer support.
- Consent: Marketing communications and non-essential cookies. You may withdraw consent at any time.
- Legal Obligation: Retaining financial records as required by applicable law.
10. International Data Transfers
Our Service and third-party providers operate primarily in the United States. If you are located outside the US, your personal data will be transferred to and processed in the US and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required under GDPR.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how it is used.
- The right to request deletion of your personal information.
- The right to opt out of the sale of your personal information.
- The right to non-discrimination for exercising your privacy rights.
We do not sell personal information. To exercise your rights, contact us at darling@vibereception.com.
12. Data Security
We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS), secure credential storage, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
13. Google API Services User Data Policy
VibeReception's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
OAuth scopes we request
- .../auth/userinfo.email — to identify your account during sign-in.
- .../auth/userinfo.profile — to show your name in the dashboard and on customer-facing confirmations.
- .../auth/calendar and .../auth/calendar.events — only requested when you explicitly choose Google Calendar as your booking provider. Used to read your availability and write appointment events on your behalf so the AI receptionist can schedule and reschedule for you.
Limited Use commitments
- We use Google user data only to provide and improve the user-facing features of VibeReception (sign-in, calendar read/write for booking, profile display).
- We do not transfer Google user data to third parties except as necessary to provide the user-facing features (e.g., hosting infrastructure), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read Google user data, except: (a) with your affirmative consent for specific messages, (b) when required for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for the limited purpose of internal operations where the data has been aggregated and anonymized.
- We do not use Google user data to develop, improve, or train generalized AI or machine learning models. The Anthropic Claude API used for AI receptionist replies receives Instagram DM content only, not Google Calendar data.
Revoking access
You can revoke VibeReception's access to your Google account at any time at myaccount.google.com/permissions or by disconnecting Google Calendar from Settings → Booking → Disconnect in the dashboard. Revoking access does not delete the bookings already stored in VibeReception — see Section 7 (Your Rights) for deletion options.
14. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
