Privacy Policy

www.vibesync.co.uk · Last Updated: 24 April 2026 · Applies to all VibeSync Services

Your privacy matters to us. This policy explains what personal data VibeSync collects about you, why we collect it, how long we keep it, who we share it with, and what rights you have over it.

We operate under UK law. Our processing is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where our users are in the EU, we also respect the requirements of the EU GDPR.

If you have any questions about this policy, contact us at legal@vibesync.co.uk.

1 Who We Are

VibeSync ("we", "us", "our") is the data controller responsible for your personal data collected through the VibeSync platform, accessible at www.vibesync.co.uk.

As data controller, we determine the purposes and means of processing your personal data. If you have any questions about how we handle your data, you can reach us at:

VibeSync — Data Controller

Website: www.vibesync.co.uk

Privacy enquiries: legal@vibesync.co.uk

Safeguarding: safeguarding@vibesync.co.uk

2 Personal Data We Collect

We collect the following categories of personal data:

2.1 Account and Registration Data

  • Username and display name;
  • Email address;
  • Date of birth (used for age verification and retained for the life of the account);
  • Password (stored as a one-way cryptographic hash — we never store your password in plain text);
  • Profile preferences, including your chosen avatar emoji and display colour.

2.2 Communications and Content

  • Chat messages sent in public rooms, private rooms, and direct messages;
  • Images and media shared through the platform;
  • Voice and video communications where used (note: we do not host or store voice/video streams directly, but metadata such as session initiation may be logged);
  • Feedback, bug reports, and feature requests submitted by you.

2.3 Technical and Usage Data

  • IP address at login and during active sessions;
  • Browser type and version, operating system, and device type;
  • Session tokens and authentication data;
  • Pages visited, features used, and timestamps of activity;
  • Device control session metadata (timing and connectivity events — not the content of any physical device interaction).

2.4 Moderation and Safety Data

  • Reports submitted by or against your account;
  • Warnings, bans, and other moderation actions applied to your account;
  • Flagged or reviewed content associated with your account;
  • Any information you voluntarily provide when contacting our support or safeguarding teams.

3 How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you — when you register, complete your profile, send messages, submit reports or feedback, or contact our support team;
  • Automatically — when you use the Services, we collect technical and usage data through server logs and session management systems;
  • From other users — when another user submits a report about your account or messages, that information is associated with your account record;
  • Through cookies and similar technologies — see Section 8 for details.

4 Legal Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Processing Activity | Lawful Basis
Providing the Services (account management, device control, chat) | Contract — necessary to perform our contract with you
Age verification and eligibility checks | Legal Obligation — required under the Online Safety Act 2023
Content moderation and safety monitoring | Legitimate Interests — keeping the platform safe and lawful; Legal Obligation under the Online Safety Act 2023
Activity logging for moderation and legal purposes | Legal Obligation and Legitimate Interests — detecting and preventing illegal content, complying with law enforcement requests
Responding to reports and complaints | Legitimate Interests — investigating disputes and protecting users
Improving the platform (aggregated analytics, feedback) | Legitimate Interests — developing and improving our Services
Sending service communications (account alerts, policy updates) | Contract and Legal Obligation
Sharing data with law enforcement where legally required | Legal Obligation
Cookies (non-essential) | Consent — obtained through our cookie notice

Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You may object to this processing — see Section 12.

5 How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing your account, and authenticating you when you log in;
  • Providing the remote device control and chat room features of the platform;
  • Verifying that you meet the minimum age requirement of 18 years;
  • Moderating content and enforcing our Terms and Conditions;
  • Detecting, preventing, and responding to illegal content, including child sexual abuse material (CSAM);
  • Investigating user reports, complaints, and disputes;
  • Sending you service-related communications, such as account security alerts or updates to our Terms or Privacy Policy;
  • Improving and developing our platform based on aggregated, anonymised usage data and user feedback;
  • Complying with our legal obligations, including disclosures required by law enforcement or regulatory authorities;
  • Protecting the rights, property, and safety of VibeSync, our users, and the public.

We do not use your personal data for automated decision-making or profiling in ways that produce legal or similarly significant effects on you.

We do not send marketing communications. If this changes, we will seek your explicit consent first.

6 Age Verification Data

As an adult platform subject to the Online Safety Act 2023, we are required to take robust measures to prevent access by minors. When you register, we collect your date of birth as part of our age verification process.

Your date of birth is retained for the lifetime of your account. This is necessary to demonstrate ongoing compliance with our age verification obligations. We do not use your date of birth for any other purpose.

If you provide a false date of birth in order to gain access to the platform, this constitutes a material breach of our Terms and Conditions and may result in account termination and referral to relevant authorities.

We may from time to time request additional age verification evidence in order to comply with regulatory requirements. In such cases, any identity documentation provided will be handled securely, used only for verification purposes, and deleted once the verification process is complete.

7 Activity Logging

As described in our Terms and Conditions (Section 8), we log certain user activity for moderation and legal compliance purposes. This section provides additional detail on how that logging works.

7.1 What Is Logged

  • All messages sent in public chat rooms are stored in our database and are accessible to authorised staff;
  • Messages sent in private rooms and direct messages may be accessed by staff where a report has been raised or where there is reasonable cause to suspect a Terms violation or illegal activity;
  • Login events, IP addresses, session durations, and device information are logged for security purposes;
  • Moderation actions (warnings, bans, mutes) are recorded in an activity log linked to your account.

7.2 Who Can Access Logs

Access to activity logs is restricted to authorised VibeSync staff operating within their moderation or administrative roles. All staff with access to personal data are bound by confidentiality obligations. We do not make activity logs available to other users.

We may disclose logged data to law enforcement or regulatory authorities where we are legally required to do so, for example in response to a valid court order, warrant, or statutory notice.

7.3 Expectation of Privacy

While we offer private rooms and direct messaging, you should not consider communications on VibeSync to be entirely private from the platform operator. We may access message content where we have reasonable cause to do so for safety, moderation, or legal compliance purposes.

8 Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the platform.

8.1 Essential Cookies

These cookies are strictly necessary for the platform to function and cannot be switched off. They include:

  • Session authentication cookies that keep you logged in;
  • Security cookies that help protect against cross-site request forgery (CSRF) attacks;
  • Cookies that remember your cookie consent preferences.

Essential cookies do not require your consent as they are necessary for the performance of our contract with you.

8.2 Functional Cookies

These cookies remember your preferences and settings to improve your experience, such as your display colour and profile emoji. They require your consent, which you can manage via our cookie notice.

8.3 Analytics Cookies

We may use analytics tools to understand how users interact with the platform, in order to identify and fix issues and improve performance. Any analytics data we collect is aggregated and anonymised where possible. These cookies require your consent.

8.4 Managing Cookies

You can manage your cookie preferences at any time through our cookie settings. You can also control cookies through your browser settings, but note that disabling essential cookies will prevent you from using the platform. Deleting cookies or clearing your browser data may also log you out of your account.

9 Data Retention

We retain your personal data for as long as is necessary for the purposes described in this policy, or as required by law. The table below summarises our key retention periods:

Data Type | Retention Period | Reason
Account data (username, email, date of birth) | For the lifetime of the account, plus up to 30 days after deletion | To provide the Services and meet age verification obligations
Chat messages (public rooms) | Up to 12 months, or until deleted by a moderator | Moderation, safety, and dispute resolution
Private messages and DMs | Up to 12 months from the date sent | Safety monitoring and legal compliance
Login and session logs (IP, device) | Up to 12 months | Security and fraud prevention
Moderation records (warnings, bans) | Indefinitely, or until the account is deleted | Platform safety and repeat-offender tracking
Reports and flagged content | Up to 3 years | Legal compliance and potential law enforcement cooperation
Deleted account data | Up to 30 days after deletion, then permanently purged | Grace period to allow account recovery; legal obligations may extend this

Where we are required by law to retain data for a longer period — for example, in connection with an active law enforcement investigation — we will retain it for as long as legally required, even if this exceeds the periods above.

10 Who We Share Your Data With

We do not sell your personal data to third parties. We may share your data in the following limited circumstances:

10.1 Service Providers

We use trusted third-party service providers to help us operate the platform, including hosting and infrastructure providers, email delivery services, and security tools. These providers act as data processors on our behalf and are contractually required to process your data only on our instructions and in accordance with applicable data protection law.

10.2 Law Enforcement and Regulatory Authorities

We will disclose your personal data to law enforcement agencies, regulatory bodies, or other third parties where we are legally required to do so, or where we reasonably believe disclosure is necessary to:

  • Comply with a legal obligation, court order, or warrant;
  • Report suspected illegal content, including child sexual abuse material (CSAM), to the Internet Watch Foundation (IWF), the National Crime Agency (NCA), or other relevant authorities;
  • Protect the rights, safety, or property of VibeSync, our users, or the public.

10.3 Safeguarding Organisations

Where we identify content that constitutes or may constitute child sexual abuse material or serious harm to a child, we are legally obligated to report it to the IWF and/or the NCA. In such cases, relevant data — including account information, IP addresses, and content — may be shared with these organisations.

10.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you of any such transfer and ensure that appropriate data protection safeguards are in place.

11 International Data Transfers

Our platform is primarily hosted and operated within the United Kingdom. Where we use third-party service providers that process data outside the UK or the European Economic Area (EEA), we ensure that appropriate safeguards are in place before any transfer takes place.

Safeguards may include:

  • Adequacy decisions made by the UK Secretary of State confirming that the destination country provides an adequate level of data protection;
  • Standard Contractual Clauses (SCCs) approved for use under UK GDPR;
  • Other legally recognised transfer mechanisms.

You can request further information about the specific safeguards we use for international transfers by contacting us at legal@vibesync.co.uk.

12 Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at legal@vibesync.co.uk.

  • Right of Access: Request a copy of the personal data we hold about you (also known as a Subject Access Request).
  • Right to Rectification: Ask us to correct personal data that is inaccurate or incomplete.
  • Right to Erasure: Ask us to delete your personal data where there is no longer a lawful reason to hold it ("right to be forgotten").
  • Right to Restriction: Ask us to restrict how we use your data in certain circumstances, for example while you contest its accuracy.
  • Right to Portability: Request your data in a structured, machine-readable format where we process it on the basis of consent or contract.
  • Right to Object: Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds to continue.
  • Right to Withdraw Consent: Where we rely on consent to process your data (e.g. non-essential cookies), you may withdraw it at any time.
  • Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data.

How to submit a request: Email legal@vibesync.co.uk with "Data Rights Request" in the subject line. We will respond within 30 days as required by UK GDPR. We may need to verify your identity before processing your request.

12.1 Limitations on Erasure

Your right to erasure is not absolute. We may be unable to delete certain data where retention is required by law — for example, moderation records associated with a legal investigation, or age verification data required under the Online Safety Act 2023. We will always tell you the reason if we are unable to fulfil an erasure request.

13 Security of Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure. These measures include:

  • Passwords stored as one-way cryptographic hashes — we never store your password in plain text;
  • Encrypted data transmission using HTTPS/TLS across all platform connections;
  • Access controls limiting who within VibeSync can access personal data;
  • Server-side session management with automatic expiry;
  • Regular security reviews of our platform infrastructure.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, and will notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

Despite our best efforts, no data transmission over the internet is completely secure. If you believe your account has been compromised, please contact us immediately at support@vibesync.co.uk.

14 Children and Minors

VibeSync is strictly an adults-only platform. We do not knowingly collect or process personal data from individuals under the age of 18.

If we become aware that we have collected personal data from a person under 18, we will take immediate steps to delete that data and terminate the relevant account. If you believe a minor has registered on our platform, please report this immediately to safeguarding@vibesync.co.uk.

Where a minor's data has been inadvertently collected, we will cooperate with law enforcement if there is any indication that a criminal offence has been committed against or by that minor.

15 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page;
  • Notify registered users by email or via an in-platform notification where the changes are significant;
  • Where required by law, seek your consent before processing your data under revised terms.

We encourage you to review this policy periodically. Continued use of the Services following the publication of updated Terms constitutes your acceptance of those changes.

16 Contact Us and How to Complain

16.1 Contact VibeSync

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

VibeSync — Privacy Team

Email: legal@vibesync.co.uk

General support: support@vibesync.co.uk

Website: www.vibesync.co.uk

We will acknowledge your request within 5 business days and respond in full within 30 days as required by UK GDPR.

16.2 Complain to the ICO

If you are unhappy with how we have handled your personal data and we have not been able to resolve your concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are based in the EU and your complaint relates to cross-border processing, you may also have the right to lodge a complaint with your local data protection authority.