Privacy Policy

This Privacy Policy describes how OrcaQubits LLC, doing business as VibeAEO ("OrcaQubits," "we," "our," or "us") collects, uses, and shares personal information, and explains your privacy rights.

By registering for, accessing, or using any of our websites, applications, platforms, or related services (collectively, the Services), you agree to this Privacy Policy. If you do not agree, please do not use the Services.

Table of Contents

1. Scope
2. Personal Information We Collect
3. How We Use Personal Information
4. How We Disclose Personal Information
5. Your Choices and Rights
6. Security
7. International Transfers
8. Retention
9. State Notices for U.S. Residents (including California)
10. Children's Information
11. Other Provisions
12. Contact Us

1) Scope

This Privacy Policy applies to personal information processed by us via the Services, including our websites and platforms (e.g.VibeAEO, developer portals, and APIs).

Customer Data (Processor Role). This Privacy Policy does not apply to any personal information that our business customers submit to the Services ("Customer Data"). In relation to Customer Data, we act as a processor/service provider and process such data pursuant to our customer agreements and applicable data protection addenda ("DPA"). Customers are responsible for their own privacy notices.

2) Personal Information We Collect

The categories of personal information we collect depend on your relationship with us and the Services you use.

A. Information You Provide Directly

• Account & Profile: name, email address, company/role, password, and preferences.
• Content You Submit: data you upload or connect (e.g., site URLs, feeds, product catalogs, prompts, API payloads).
• Transactions: billing details and limited payment information (we use third-party payment processors and do not store full card numbers).
• Communications: support requests, feedback, survey responses, event registrations, or job applications (resume/CV details).

B. Information Collected Automatically

• Usage & Device Data: IP address, device identifiers, browser type/version, operating system, referring/exit pages, pages viewed, links clicked, session duration, and timestamps.
• Approximate Location: derived from your IP address.
• Cookies & Similar Technologies: cookies, local storage, and pixels that are (i) operationally necessary, (ii) performance/analytics, (iii) functional, and (iv) advertising/retargeting. See Your Choices below for controls.

C. Information from Other Sources

• Third-Party Services you connect (e.g., analytics, ad platforms, ecommerce platforms, CRMs).
• Partners & Providers: business leads, enrichment, and fraud-prevention services.

D. Sensitive Data

We generally do not seek to collect sensitive personal data (e.g., precise geolocation, health, biometrics). If the Services require limited sensitive fields (e.g., for compliance), we will process them only as permitted by law and/or with your consent.

E. AI/Model Training and Ethical Use

For avoidance of doubt, we do not use personal information to train general-purpose foundation models.

If we use data to fine-tune task-specific AI models for you (e.g., personalization or optimization features), that processing is performed as a processor under our DPA and customer instructions.

Ethical Use of AI-Related Data: OrcaQubits LLC and VibeAEO are committed to responsible and transparent use of AI-related data. We ensure:

• AI systems are used in compliance with data protection and privacy regulations.
• Users maintain control over their data and can request access, deletion, or correction.
• Data used for AI insights is anonymized or aggregated whenever possible.
• No personal or sensitive information is used for unauthorized or unapproved AI training.

3) How We Use Personal Information

We use personal information to:

• Provide & Operate the Services (account management, provisioning, APIs, feature access).
• Customer Support & Communications (service messages, security and policy updates).
• Process Payments and prevent fraud/abuse.
• Improve & Develop the Services (analytics, testing, research, and product enhancement).
• Personalize content and experiences.
• Marketing permitted by law (e.g., newsletters, product updates, events) with the ability to opt-out.
• Compliance & Enforcement (legal obligations, dispute resolution, and terms enforcement).
• Aggregated/De-identified Use to generate statistics and insights that do not identify you.

Legal Bases (EU/UK/EEA). Where required, we rely on performance of a contract, legitimate interests (e.g., product improvement, security, limited direct marketing), legal obligations, and consent (where applicable, e.g., certain cookies/marketing).

4) How We Disclose Personal Information

We do not sell personal information. We may disclose personal information to:

• Service Providers/Processors: cloud hosting, security, analytics, customer support, communications, and payments—bound by contract to use data only for our instructions.
• Business Partners: when you request integrations or joint offerings.
• Affiliates: for internal operations consistent with this Policy.
• APIs/SDKs: third-party functionalities embedded in the Services; see Contact Us for details.
• Legal/Safety: to comply with law, protect rights and safety, and prevent fraud or abuse.
• Corporate Transactions: as part of a merger, financing, acquisition, or sale of assets, subject to standard safeguards.

Targeted Advertising/"Sharing." Where U.S. state laws distinguish "sale" from "sharing" for targeted advertising, we do not sell personal information and only engage in targeted advertising as permitted by law. You may opt-out where required (see Section 5).

5) Your Choices and Rights

A. Communications

Email: Use the unsubscribe link in any marketing email. We may still send transactional or security messages.

B. Cookies & Tracking

• Manage cookies via your browser/device settings. The Services may not function properly if essential cookies are disabled.
• Where available, we honor Global Privacy Control (GPC) signals for opt-out of targeted advertising/"sharing."

C. Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, port, opt-out of targeted advertising, opt-out of profiling for significant decisions, and limit use/disclosure of sensitive data. To exercise rights, contact us (Section 12). We will verify requests and respond consistent with applicable law. Authorized agents may act on your behalf where permitted.

6) Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No system is 100% secure, and we cannot guarantee absolute security. We also require appropriate safeguards from our service providers.

7) International Transfers

We may process and store information in the United States and other countries that may have different data-protection laws than your home jurisdiction. We implement appropriate safeguards (e.g., EU/UK Standard Contractual Clauses) where required.

8) Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes. Specific retention periods vary by data type and context.

9) State Notices for U.S. Residents (including California)

This section supplements the rest of the Policy for residents of states with comprehensive privacy laws (e.g., CA, CO, CT, UT, VA). The categories we collect, purposes, and disclosures are described above.

California (CCPA/CPRA)

• Categories Collected: identifiers (e.g., name, email, IP), commercial information, internet/usage data, approximate geolocation, professional information, and in limited cases inferences.
• Business Purposes: as described in Sections 3–4.
• Disclosure for Business Purposes: to service providers/processors and partners as described in Section 4.
• Sale/Share: we do not sell personal information. We may engage in limited "sharing" for targeted advertising; you can opt-out via GPC or by contacting us.
• Sensitive Personal Information: we do not use or disclose SPI for purposes that require the "Right to Limit" under CPRA.
• Rights: access, correction, deletion, portability, opt-out of sale/share, non-discrimination. Verification and agent requirements apply.

Notice at Collection: We collect personal information for the purposes described in Sections 2–3.

Retention: See Section 8.

Do Not Track: We do not respond to DNT signals; we honor GPC where applicable.

10) Children's Information

The Services are not directed to children under 13 (or the minimum age required by your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps, including deletion where required.

11) Other Provisions

• Third-Party Sites/Apps: The Services may link to third-party sites or include third-party tools. Their privacy practices are governed by their own policies.
• Supervisory Authority: If you are in the EEA/UK/Switzerland/Brazil, you may lodge a complaint with your data-protection authority.
• Changes to this Policy: We may update this Privacy Policy from time to time. Material changes will be notified as required by law. Your continued use of the Services after the effective date indicates acceptance of the updated Policy.

12) Contact Us

Annex: Summary of Collection & Disclosure (California – Past 12 Months)