Privacy Policy
Last updated: July 1, 2026
Table of Contents
- 1. Introduction
- 2. Scope
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Artificial Intelligence and Automated Processing
- 6. Third-Party Service Providers
- 7. Your Responsibilities as a Site Owner
- 8. Cookies, Tracking Technologies, and Analytics
- 9. Data Retention
- 10. Your Rights and Choices
- 11. Data Security
- 12. Communications
- 13. Children's Privacy
- 14. Changes to This Policy
- 15. Contact Us
1. Introduction
This Privacy Policy is issued by BC Innovation Labs, doing business as Vibe Otter ("we," "our," or "us"). It explains how we collect, use, disclose, and safeguard your information when you access or use the Vibe Otter platform and any related services.
By creating an account, accessing our platform, or using any of our services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this policy. If you do not agree, do not use our services.
2. Scope
This policy applies to the Vibe Otter platform, including our website builder, published websites hosted on our infrastructure, associated APIs, mobile interfaces, and all related tools and features. It covers information collected from platform users (those who create accounts and build websites) and, where indicated, from visitors to websites built and published using our platform.
Websites built by our users and visited by third parties may collect additional data as determined by the site owner. The site owner is responsible for their own privacy practices and disclosures regarding data collected through their sites. See Section 7 for details.
3. Information We Collect
Information You Provide
- Account Information: Email address, authentication credentials, and any profile information you provide. If you authenticate through a third-party provider (such as a social login), we receive your email address and basic profile information from that provider.
- Communications and Content: All content you submit to the platform, including chat messages, prompts, instructions, feedback, text, images, videos, documents, code, and any other files you upload or create.
- Payment Information: Billing and payment details necessary to process transactions. Payment card details are collected and processed exclusively by our third-party payment processor and are never stored on our servers.
- Website Content: All websites, pages, files, configurations, data collections, compute functions, and associated content you create or store on our platform.
- Domain and Registration Data: Domain names, DNS preferences, and related configuration information when you register or connect a domain through our platform.
- Support and Contact Data: Information you provide when contacting support, including your name, email, phone number, and the content of your communications.
- Referral and Affiliate Data: Referral codes, affiliate program participation data, and related attribution information.
- Plan and Subscription Data: Your selected plan tier, subscription status, billing cycle, plan change history, and any grandfathered or promotional entitlements associated with your account.
Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, click patterns, scroll behavior, and interactions with platform elements.
- Device and Browser Information: Browser type, operating system, screen resolution, device identifiers, and language preferences.
- Log Data: IP addresses, access timestamps, request URLs, HTTP referrer headers, user agent strings, and server response codes.
- Analytics Data: Behavioral and interaction data collected through analytics, performance monitoring, and user experience analysis tools, including session recordings and heatmap data.
- Attribution Data: Referral sources, marketing campaign identifiers, conversion events, and purchase attribution data.
- Usage Quota Data: AI chat interaction counts, form submission counts, data storage consumption, bandwidth usage, and other metered resource consumption tracked for plan tier enforcement and usage limit monitoring.
- Branding Compliance Data: Automated monitoring data used to verify compliance with branding requirements on published sites, including detection of branding element presence, visibility, and integrity.
Information from Third Parties
- Authentication Providers: Account information from third-party login services.
- Payment Processors: Transaction status, subscription state, and invoice data.
- Connected Services: Data from external services you choose to integrate (such as ecommerce platforms, calendar services, or other third-party tools), limited to the data necessary for the integration to function.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: To provide, operate, maintain, and improve our platform and all related features.
- Content Generation: To generate, modify, and improve websites and other content on your behalf using automated systems.
- Technology Development: To develop, train, test, and improve our technology, algorithms, and services, including automated and AI-powered systems.
- Personalization: To personalize your experience and deliver features, content, and recommendations relevant to your use.
- Communications: To communicate with you about your account, respond to inquiries, send transactional notifications, and provide information about our services.
- Security and Integrity: To detect, investigate, prevent, and address fraud, abuse, security incidents, and technical issues.
- Content Moderation: To enforce our acceptable use policies through automated and manual review of content submitted to the platform.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
- Analytics and Performance: To conduct analytics, measure service performance, understand usage patterns, and inform business decisions.
- Aggregate Insights: To create aggregated, de-identified, or anonymized data derived from your information, which we may use for any lawful purpose without restriction.
- Plan Enforcement: To enforce plan tier limits and usage quotas, determine eligibility for free-tier access, monitor compliance with branding requirements, and assess account activity levels for inactive account policies.
- Resource Allocation: To allocate platform resources, processing priority, and feature access based on plan tier and account standing.
5. Artificial Intelligence and Automated Processing
Our platform uses artificial intelligence and automated systems provided by third-party AI service providers to deliver its core functionality, including website generation, content creation, code generation, image processing, and content moderation.
Data Processed by AI Systems
Content you provide to the platform — including text messages, prompts, instructions, uploaded images, uploaded documents, website files, and screenshots of rendered pages — may be transmitted to and processed by third-party AI service providers to generate, modify, analyze, or improve your websites and related content. Substantially all content you submit to the platform's builder interface is processed by AI systems as part of normal service operation.
Retention of AI Inputs and Outputs
Inputs to and outputs from AI systems (including your messages and the content generated in response) are retained on our servers for service operation, quality assurance, safety monitoring, dispute resolution, and compliance purposes. We may use aggregated, de-identified, or anonymized data derived from AI interactions for any lawful purpose, including improving our services and technology.
Third-Party AI Providers
Third-party AI service providers process your data under their own terms, data handling policies, and privacy practices. We select providers that offer commercial API terms under which customer inputs and outputs are not used to train general-purpose models, but we make no guarantees regarding any third party's data practices beyond our contractual obligations. AI-generated content is provided "as-is" without warranty of accuracy, originality, completeness, or fitness for any particular purpose.
6. Third-Party Service Providers
We use third-party service providers to operate our platform. These providers may receive, process, or store your information as necessary to perform their functions on our behalf. Categories of providers include:
- Artificial intelligence and machine learning providers
- Cloud hosting, storage, and compute providers
- Payment processors and billing platforms
- Email delivery and communications services
- Newsletter and marketing platforms
- Domain registration and DNS management providers
- SSL/TLS certificate authorities
- Analytics, performance monitoring, and user experience analysis providers
- Session recording and behavioral analytics providers
- Advertising attribution and conversion tracking providers
- Content delivery networks
- Authentication and identity providers
- SMS and voice communications providers
- Stock media and content providers
- Ecommerce platform integrations
We may add, remove, or replace service providers at any time without prior notice. Third-party providers operate under their own privacy policies and terms. We are not responsible for their data practices beyond our contractual obligations.
We may share your information with any third party as necessary to provide, maintain, secure, or improve our services, or as required by law.
Other Disclosures
- Legal Requirements: We may disclose your information if required by law, regulation, legal process, or enforceable governmental request.
- Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, user information may be transferred as part of the transaction. You will be notified of any such change via a notice on our website.
- Protection of Rights: We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users, third parties, or the public.
- With Your Consent: We may share information for purposes not described in this policy with your consent.
We do not sell your personal information to third parties for their marketing purposes.
7. Your Responsibilities as a Site Owner
When you use Vibe Otter to build and publish a website that collects information from your own site visitors — whether through forms, user registration, data collections, file uploads, ecommerce transactions, or any other means — you are the data controller for that visitor data. Vibe Otter acts as a data processor on your behalf, storing and processing that data according to your site's configuration.
As the data controller, you are solely responsible for:
- Determining what data your site collects from visitors and how that data is used.
- Obtaining all necessary consents from your site visitors before collecting their data.
- Publishing your own privacy policy and any other legal disclosures required by applicable law on your site.
- Complying with all applicable data protection laws and regulations (including but not limited to GDPR, CCPA, and any other regional or industry-specific requirements) with respect to your site visitors' data.
- Configuring appropriate access controls, permissions, and security settings for data collected through your site.
- Responding to data subject requests (access, deletion, portability, etc.) from your site visitors.
We provide tools such as cookie consent banners, user authentication systems, and access controls to assist you, but the availability of these tools does not constitute legal advice and we make no representation or warranty that these tools satisfy your legal obligations in any jurisdiction.
You agree to indemnify and hold Vibe Otter harmless from any claims, damages, losses, or expenses arising from your collection, use, disclosure, or processing of your site visitors' data, including any failure to comply with applicable data protection laws.
8. Cookies, Tracking Technologies, and Analytics
We use cookies, local storage, and similar technologies to operate our platform, understand usage patterns, and improve our services. These technologies may be placed by us or by third-party providers operating on our behalf.
Essential Cookies and Storage
We use cookies and local storage for authentication, session management, security, user preferences, and core platform functionality. These are necessary for the platform to operate and cannot be disabled without impairing functionality.
Analytics, Performance, and User Experience
We use analytics and user experience analysis tools to understand how users interact with our platform. These tools may collect data including page views, click patterns, scroll behavior, mouse movements, session recordings, form interactions, navigation paths, and conversion events. This data helps us identify usability issues, measure feature adoption, and improve our services.
Advertising and Attribution
We use conversion tracking pixels and attribution technologies to measure the effectiveness of our marketing campaigns and understand how users discover our platform. These technologies may collect data about your interactions with our advertising and our platform, and may be used by third-party advertising platforms in accordance with their own privacy policies.
Consent and Controls
Some tracking technologies are loaded when you access our platform. By using our platform, you consent to the use of these technologies as described in this policy. You can control or delete cookies through your browser settings, and you can clear local storage through your browser's developer tools. However, disabling these technologies may impair your ability to use certain features of our services. We provide cookie consent tools for websites built on our platform; platform users should manage their preferences through their browser settings.
Free-Tier Published Sites
Websites published under free-tier accounts may include Vibe Otter branding scripts, analytics code, and attribution technologies. These technologies serve platform operational purposes (including branding compliance verification) as well as promotional and attribution purposes. Site visitors to free-tier published sites may be subject to tracking by these technologies. Upgrading to a paid plan removes platform-placed branding and promotional technologies from published sites.
9. Data Retention
We retain your information for as long as reasonably necessary to provide our services, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, enforce our agreements, and protect our legitimate business interests. The specific retention period varies based on the type of data, the nature of our relationship with you, and applicable legal requirements.
Following account termination or cancellation, we may retain your data for a reasonable period for legal, operational, compliance, or archival purposes. We are under no obligation to delete data on any specific timeline unless required by applicable law.
Server logs, security records, transaction histories, and AI interaction records may be retained as necessary for security, fraud prevention, dispute resolution, and compliance. Aggregated, de-identified, or anonymized data may be retained indefinitely for any lawful purpose.
Data retention practices may vary by plan tier. Free-tier account data — including published sites, data collections, uploaded files, and account configurations — may be deleted following extended account inactivity (ninety (90) or more consecutive days) without separate notice to the account holder. Paid account data is retained for the duration of the active subscription plus a reasonable wind-down period following cancellation or termination. Upon downgrade from a paid tier to the free tier, data and content exceeding free-tier limits may be archived, restricted, or deleted after a reasonable grace period determined at our sole discretion.
10. Your Rights and Choices
Subject to applicable law and our legitimate business needs, you may:
- Access: Request access to the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information. Note that deletion may not be possible for data we are required to retain for legal compliance, security, fraud prevention, contract performance, or the exercise or defense of legal claims.
- Portability: Request a copy of certain personal data in a structured, commonly used format, where technically feasible.
- Opt-Out: Opt out of marketing communications as described in Section 12.
To exercise these rights, contact us using the information in Section 15. We may require identity verification before processing your request. We will respond to verified requests within a reasonable timeframe and in accordance with applicable law.
We reserve the right to deny requests that are excessive, repetitive, manifestly unfounded, technically infeasible, or that would compromise the privacy rights of others, jeopardize our security, or conflict with our legal obligations. Account termination does not automatically result in deletion of all associated data.
11. Data Security
We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS 1.2/1.3) and sensitive data at rest (AES-256)
- Cryptographic hashing of passwords and authentication tokens
- Access controls and role-based authentication mechanisms
- Regular security assessments and secure development practices
- Automated backup procedures with encrypted offsite storage
- Incident monitoring and response procedures
No method of transmission over the internet or method of electronic storage is completely secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security and accept no liability for unauthorized access resulting from circumstances beyond our reasonable control.
12. Communications
By creating an account, you consent to receive transactional and service-related communications necessary for the operation of your account, including build notifications, security alerts, payment confirmations, and account updates. These communications are essential to the service and cannot be opted out of while your account is active.
We may also send periodic communications about your account activity, feature announcements, and our services. You may opt out of these non-essential communications at any time by clicking the unsubscribe link included in each email or by contacting us. Opting out of non-essential communications does not affect transactional messages necessary for service operation.
13. Children's Privacy
Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete such information.
14. Changes to This Policy
We may update this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated policy on this page and revise the "Last updated" date. Your continued use of our services after any changes to this policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BC Innovation Labs (DBA Vibe Otter)
10922 80th Pl NE
Kirkland, WA 98034
Email: nick@vibeotter.com
Phone: 206-608-7108