Privacy Policy

1. Data Controller

This Privacy Policy describes how the VibeGuide service (the "Service"), available at getvibeguide.app, handles personal data in its capacity as data controller.

Your rights under GDPR and Türkiye's KVKK (Law No. 6698 on the Protection of Personal Data) apply.

Data Controller: [LEGAL_ENTITY_NAME / NATURAL PERSON] — [REGISTERED ADDRESS] — [VERBIS Registry No., where applicable].

Controller contact: privacy@getvibeguide.app

2. Anonymous-by-Design

VibeGuide operates without account registration. We do not collect names, phone numbers, postal addresses or other directly identifying data.

A randomly generated session_id and your in-session preferences (likes, dismiss reasons) are stored only in your browser's localStorage and never transmitted as personal data to our servers.

3. Categories of Data Collected

Free-text inputs: Sentences you write describing your travel intent. Sent to OpenAI for inference; not persistently stored on our servers.

Interaction events: Clicks, page views, likes, dismiss reasons — paired with anonymous session_id. Used for service quality measurement.

Technical logs: IP address (rate limiting and abuse protection), browser User-Agent, error stack traces (Sentry).

Special categories of data (passport, ID, payment cards, health data) are NOT collected.

4. Purposes and Lawful Basis

Service delivery and personalized destination recommendations (GDPR Art. 6(1)(b) contract performance; KVKK Art. 5/2-c).

Error analysis and security controls (GDPR Art. 6(1)(f) legitimate interest; KVKK Art. 5/2-f).

Analytics and product improvement; cookie-based analytics is consent-based (GDPR Art. 6(1)(a); KVKK Art. 5/1).

5. Third-Party Processors

OpenAI (LLM inference, US): Free-text inputs are forwarded to model APIs. OpenAI's retention policy is governed by their terms; see openai.com/policies.

Railway (web and API hosting, EU West Amsterdam): Page serving, serverless functions, and application backend.

Cloudflare (DNS, US/global): Domain resolution.

Sentry (error tracking, US): Anonymized error reports (when configured).

Affiliate partners (Booking.com, Tripadvisor, Airbnb, Expedia): Only outbound link clicks — no user data is shared; the user's relationship with the partner site after a click is entirely independent of VibeGuide.

6. Retention Periods

Free-text inputs: Processed transiently during inference; cached on the server for up to 10 minutes (refine cache TTL).

Interaction events: Stored in server logs for 30 days; may move to a dedicated analytics platform later.

Error logs: 30 days default retention when Sentry is enabled.

localStorage data (likes, dismiss records, language preference): Lives on your device; cleared when you clear browser data.

7. International Data Transfers

Some processors are located in the US or EU member states. Transfers occur under appropriate safeguards (e.g. Standard Contractual Clauses) under GDPR Chapter V and KVKK Art. 9.

8. Your Rights

Under GDPR Art. 15-22 and KVKK Art. 11 you have the right to: access, rectification, erasure (right to be forgotten), restriction of processing, objection, and data portability.

To exercise these rights, write to privacy@getvibeguide.app. We respond within 30 days.

You retain the right to lodge a complaint with the supervisory authority of your country.

9. Children

The Service is not intended for users under 13. Parental consent is recommended for users between 13 and 18.

10. Changes to This Policy

We may update this policy. Material changes will be noted with a revised date at the top; changes requiring renewed consent will be communicated explicitly.