Privacy Policy

Today (pre-launch). When you join the waitlist, we collect:

• Your email address (required).
• Your interest type — whether you signed up as a fan, a creator, or both.
• A source tag — a short label identifying which form on the page you used (for example, the main hero form near the top, or the founding-creator form at the bottom). This helps us see which part of the page brought you in.
• Your IP address, transiently, for rate limiting only. It is not stored on your waitlist record.

At launch (full product). When the full VYBEV Service becomes available, we will additionally collect:

• Account identifiers via our authentication provider (Privy): email address, Privy user ID. We do not store password hashes because VYBEV does not use passwords — you sign in via email, social login, or wallet.
• Wallet address — if you connect your own wallet, or an embedded wallet that Privy creates for you automatically.
• Creator profile — display name, bio, avatar URL, payout preference (crypto or fiat), and (for fiat payouts) minimal Stripe Connect onboarding data handled by Stripe directly. We do not see or store your full bank details.
• Content you upload — photos you submit, their metadata (caption, persona, pricing), and a perceptual hash (pHash) fingerprint computed from the image itself. pHash is technical, not personal — it exists so we can detect duplicate or reused uploads.
• Engagement events — views, likes, pins, follows, shares, and purchases. These are the raw inputs that feed the weekly creator reward pool (see Section 3).
• Approximate location (city or country), derived from your IP address at the time you engage with creator content. We use this so creators can see aggregated insights like “12 views from London this week.” Creators never see your individual IP address or identifier — only counts per city or country. See Section 3 for details on how this is stored and used.
• Payment information handled by our processors (Stripe for fiat, on-chain for USDC). We do not store full card numbers or private keys.

What we deliberately never collect.

• Precise location (GPS coordinates). We never access or store fine-grained location from your device. The approximate city/country we derive from IP (described above) is the only location-related data we work with.
• Persistent IP logs tied to your identity. Raw IP addresses are used transiently for rate limiting and linked to engagement events only for a short fraud-detection window (Section 3). We do not keep a long-term log of which IP you signed in from.
• Your private keys. If you bring your own wallet, your keys never leave your device.
• Third-party cross-site tracking data. We do not use advertising pixels or cross-site identity graphs.

At the waitlist stage, we use your email solely to:

• Send you a one-time welcome email confirming your signup.
• Notify you when early access opens.
• Send product updates tied to the launch.

At launch, we will additionally use the information above to:

• Operate your account and keep you signed in.
• Display your uploads and collections in the curation queue and discovery feed.
• Calculate engagement scores and distribute the weekly creator reward pool fairly (see VYBEV’s Terms of Service Section 6 for the formula).
• Process payments, refunds, and payouts.
• Run perceptual-hash checks on uploaded photos to enforce the “one photo, one collection” rule.
• Respond to your support requests.
• Detect abuse, fraud, unauthorized access, and violations of our Terms.

We do not use your information for third-party advertising, data resale, automated profiling, or behavioral tracking beyond what is strictly necessary to operate the Service.

VYBEV’s creator reward pool is distributed weekly based on engagement. Each subscriber’s actions — viewing, liking, pinning, following, sharing, and purchasing — generate engagement events that contribute to the creators whose work drove them.

Engagement events are stored in aggregate form per-creator and per-week for reward calculation. Raw events linked to an individual user are retained for up to 90 days for fraud detection, after which they are purged. Aggregate totals (e.g. total views per creator per week) are retained for creator history and payout records.

Approximate location for creator insights. When you engage with a piece of content, we derive your approximate location (typically city or country level) from your IP address. We use this for two things:

• Creator insights.Creators see aggregated location counts for their work — for example, “your photo was viewed 23 times in London and 7 times in Tokyo this week.” Creators never see individual users, individual IP addresses, or fine-grained location. To preserve privacy, we suppress counts below a small threshold so that rare-city views cannot be traced back to a single person.
• Service operation. Serving the closest CDN region, meeting regional legal obligations, and detecting abnormal traffic patterns.

We do not use this location data for advertising, resale, or profile-building outside the creator-insights feature. We do not track you across sessions to build a location history — the approximate city is attached to each engagement event and is not stitched into a personal movement trail.

Post-MVP, VYBEV plans to offer subscribers the option to own their engagement data on-chain via a user-controlled data vault and opt-in to monetize that data (see our Terms of Service Section 7). This is a future feature; today no engagement data is shared outside VYBEV’s own systems.

We use the following sub-processors to operate the Service. All are bound by confidentiality obligations and used solely to provide VYBEV functionality.

• Supabase — managed PostgreSQL database hosting. Stores waitlist signups today, user accounts + content + engagement at launch.
• Upstash — serverless Redis for caching and background job queues.
• Resend — transactional email delivery (waitlist welcome today; launch announcements, receipts, and payout notifications later).
• Privy (at launch) — authentication and embedded wallet provisioning. Privy handles credential verification; we only receive a verified user ID and optional wallet address.
• Stripe (at launch, when paid features enable) — payment processing and Stripe Connect payouts for fiat creators.
• Pinata + Cloudflare (at launch) — IPFS pinning and CDN delivery for creator uploads.
• Polygon PoS (at launch) — public blockchain used for NFT minting, resale royalties, and subscription proofs. See Section 8 for the important permanence disclosure.

We take reasonable technical and organizational measures to protect your information, including encryption in transit (TLS), encryption at rest for our databases, least-privilege access controls, and infrastructure secret rotation. No system is 100% secure; by using VYBEV you acknowledge and accept this risk.

We do not sell, rent, or trade your personal information.

We share limited information only when:

• It is necessary to operate the Service via the sub-processors listed in Section 4, each bound by confidentiality.
• Required by law, court order, or valid legal process. We will push back on overbroad requests and, where legally permitted, notify you before disclosing your data.
• Needed to protect the rights, safety, or integrity of i2L Tech, VYBEV, our users, or the public.
• A business transaction (merger, acquisition, financing) requires it. Any successor will be bound by this Policy or one at least as protective.

VYBEV does not use cookies for personalized advertising or cross-site behavioral tracking. We do not build individual user profiles, and we do not share data with advertising networks.

We use Vercel Analytics to measure aggregate site traffic (page views, referrer, country at a coarse level, device type) so we understand which parts of the site resonate with visitors. Vercel Analytics does not set cookies, does not store an IP address, and does not build individual visitor profiles — it reports only aggregate counts. Because it is cookieless and does not process identifiable personal data, it does not require a consent banner under GDPR or CCPA.

If we later introduce any tracking technology that collects personal data, sets cookies, or profiles individuals, we will update this Policy and show a consent banner before deploying it. You can also disable any analytics at the browser level using common ad-blocking extensions without affecting the functionality of the site.

You have the right to:

• Access — request a copy of the information we hold about you.
• Deletion — request removal of your waitlist email, account, and associated data. Note the on-chain caveat in Section 8: information committed to the Polygon blockchain cannot be deleted.
• Correction — request that inaccurate information be corrected.
• Opt-out — unsubscribe from emails at any time via the link in the footer of every email we send.
• Portability — request your data in a structured, machine-readable format where technically feasible.

California residents have additional rights under the CCPA/CPRA, and residents of the European Economic Area, United Kingdom, and Switzerland have rights under the GDPR. Contact us at the address in Section 12 to exercise any of these rights.

When the full Service launches, the following information becomes part of the permanent public record on Polygon PoS:

• Your wallet address (pseudonymous but potentially linkable to you over time).
• Any NFT you mint, purchase, or resell — including price, date, and counterparties.
• Your active subscription proof, when issued as a soulbound token.
• Weekly engagement scores that feed the reward pool, posted per-epoch.

If you later delete your VYBEV account, the on-chain record remains. We can remove the linkage between your wallet and your personal identity in our own databases, but the public record on Polygon persists forever. Please consider this before your first on-chain action.

Two commitments that define VYBEV’s approach to AI:

• We do not train AI models on your uploads without explicit, per-image opt-in. Consent defaults to OFF. If you opt in (a checkbox on each upload), you can also specify what kinds of training are permitted. You can revoke consent at any time; revocation stops future training but cannot retract models that have already been trained.
• We do not accept AI-generated submissions on the creator platform. Human attestation and C2PA provenance checks will be required at upload time. AI-generated content submitted in violation of this rule may be removed, and the creator may be suspended.

These positions are central to VYBEV’s value proposition for photographers and will not change without advance notice and creator consultation.

Our primary database and cache providers (Supabase, Upstash) let us select a region. We host VYBEV data in the region appropriate to our user base. If you are located outside that region, your information may be transferred to and processed in the country where our infrastructure is hosted. We rely on standard contractual clauses or equivalent safeguards where required.

VYBEV is not directed at children under 13 (or the minimum age in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at the address in Section 12 and we will delete it.

Questions about this Privacy Policy, your data, or how to exercise your rights?

• Email: privacy@i2ltech.com
• Entity: i2L Tech

We may update this Privacy Policy as VYBEV evolves and as new features come online. If the changes are material, we will update the “Last updated” date at the top and notify users where legally required (e.g. by email for account holders or by a prominent banner on the Site).