Skip to content
ViberClaw← Back to home

Legal

Privacy Policy

We collect only what we need to run the platform. We store it securely. We never sell it, share it with advertisers, or use it for anything outside of operating ViberClaw.

Last updated: February 2026

01 — Overview

Our commitment to your privacy

ViberClaw is a marketplace, not an advertising platform. Your data exists to make the platform work — not to be monetised, profiled, or sold.

  • We collect the minimum data required to operate the marketplace, process payments, enforce platform rules, and resolve disputes.
  • We do not sell, rent, or trade your personal data to any third party under any circumstances.
  • We do not use your data for advertising — neither on ViberClaw nor through third-party ad networks.
  • We do not build behavioural profiles or resell usage analytics about individual users.
  • By creating an account, you agree to this Privacy Policy. If you disagree, please do not use the platform.

02 — Data collection

What data we collect

We collect data in three ways: information you provide directly, information generated by your use of the platform, and information provided by third-party services you connect.

Information you provide

  • Account details: Email address, full name, and password (stored as a secure hash, never in plain text).
  • Profile information: For vibecoders: skills, AI capabilities, project preferences, portfolio links, case studies, and a profile photo. For founders: company name, role, website, location, timezone, and hiring focus.
  • Project data: Project titles, descriptions, scope, acceptance criteria, milestone details, budgets, and all content submitted through project creation forms.
  • Bid content: The text and amounts included in bids submitted by vibecoders.
  • Messages: All messages sent through the in-app chat system. These are stored and attached to their project context.
  • Work submissions: Repository links, commit and PR references, preview URLs, and submission notes submitted for milestone review.
  • Dispute content: Written statements, offer amounts, notes, and evidence files uploaded during Level 1 and Level 2 disputes.
  • Reviews: Public review text submitted at project completion.

Information generated by platform use

  • Activity logs: Timestamps and records of key platform actions — bids submitted, milestones approved, disputes opened, payments released — for audit and dispute resolution purposes.
  • Session data: Authentication tokens and session identifiers to keep you logged in securely.
  • Usage patterns: Aggregate, anonymised data about how features are used, to improve the platform. This data cannot be tied back to an individual user.
  • IP address: Logged at authentication events for security and fraud detection. Not used for tracking.

Information from third-party services

  • Payment processor: We receive confirmation and transaction identifiers from our payment processor (Stripe). We do not store card numbers or full payment instrument details. Stripe's privacy policy governs their data handling.
  • Authentication provider: If you sign in with a social provider, we receive only the data needed to create your account (email and display name).

03 — Data use

How we use your data

Every piece of data we collect is used for a specific operational purpose. We do not process data beyond what is necessary for that purpose.

Purpose — data used

Operating your account

Email, name, profile details, session token.

Running the marketplace

Project data, bids, profiles, messages.

Processing payments & escrow

Transaction identifiers, milestone amounts, payout instructions.

Resolving disputes

Submission history, revision history, messages, dispute statements, evidence files.

Generating audit trails

Activity logs, milestone events, payment events.

Security & fraud prevention

IP address at auth events, session data, activity anomalies.

Improving the platform

Anonymised, aggregated usage statistics only.

Communicating with you

Email address — for transactional notifications only (account events, payment confirmations, dispute updates). No marketing without explicit opt-in.

04 — Hard limits

What we will never do with your data

These are absolute limits. No business reason, partnership, or future policy change will override them without explicit advance notice and your consent.

  • No selling: We will never sell your personal data to any third party, data broker, or marketing company under any circumstances.
  • No advertising: We do not serve ads on ViberClaw. We do not share your data with advertising networks, retargeting platforms, or social media ad systems.
  • No profiling for profit: We do not build detailed profiles of individual users for commercial purposes or licence those profiles to others.
  • No sharing without reason: We do not share your personal data with third parties except the narrow category of trusted service providers required to operate the platform (see Third-party services), and only under binding data-processing agreements.
  • No sharing with other users beyond what you post: Your email address, payment details, and private messages are never visible to other users. Only information you explicitly add to your public profile is visible to others.
  • No government disclosure without notice: If we are compelled by law to disclose your data, we will notify you as far in advance as the law permits, unless we are legally prohibited from doing so.

05 — Storage & security

Where your data is stored and how it is protected

We use infrastructure-grade services to store and protect your data. We apply security best practices at every layer.

  • Database: All platform data is stored in Supabase (PostgreSQL). Data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
  • File storage: Evidence files and attachments uploaded during disputes or messaging are stored in Supabase Storage with access controlled by per-user authentication policies. Files are not publicly accessible by URL without an authenticated session.
  • Passwords: Passwords are never stored in plain text. They are hashed using bcrypt before storage. ViberClaw staff cannot read your password.
  • Payment data: Card numbers and payment instrument details are processed and stored entirely by Stripe. ViberClaw stores only transaction reference IDs and amounts.
  • Access controls: Database access is restricted by role-level security policies. Each user can only read and write their own data. Admin access is strictly limited and audited.
  • Breach notification: In the event of a data breach that affects your personal information, we will notify you by email within 72 hours of becoming aware of it, as required by applicable data protection law.

06 — Cookies

Cookies and local storage

We use cookies and browser storage strictly for platform functionality. We do not use tracking cookies or third-party analytics cookies.

Cookie types in use

Session cookies

Essential

Used to keep you authenticated. Without these, you would be logged out on every page load. These cannot be disabled without breaking the platform.

Local storage (preferences)

Functional

Used to remember UI state — such as which marketplace projects you have seen or notification read status. Stored in your browser only, not on our servers.

Analytics cookies

None

We do not use Google Analytics, Meta Pixel, Hotjar, or any other third-party analytics or tracking script.

Advertising cookies

None

We use no advertising or retargeting cookies of any kind.

07 — Third-party services

Third-party services we use

We work with a minimal set of trusted infrastructure providers. Each receives only the data it needs to perform its function, and each is bound by a data-processing agreement.

Supabase

Database, authentication, and file storage

All user and platform data. Supabase processes this data on our behalf under a data-processing agreement.

Stripe

Payment processing

Payment instrument details (handled entirely by Stripe — ViberClaw never touches card numbers). Transaction confirmations and identifiers are returned to us.

Vercel / hosting provider

Platform hosting and CDN

Standard web server request logs (IP, timestamp, endpoint). These are not used for tracking and are retained for a maximum of 30 days.

We do not use any social media plugins, embedded share buttons, or external fonts that could leak your browsing behaviour to third parties.

08 — Retention

How long we keep your data

We keep data for as long as it is needed for its original purpose, or as required by law. We do not retain data indefinitely.

  • Active account data: Kept for the lifetime of your account. You can request deletion at any time (see Your rights).
  • Project and milestone records: Retained for 3 years after project completion to support dispute resolution, tax records, and platform integrity. After that, records are anonymised or deleted.
  • Financial transaction logs: Retained for 7 years as required by financial regulations. These records are anonymised where legally permitted.
  • Dispute evidence files: Retained for 3 years after dispute resolution, then deleted.
  • Messages: Retained while the project is active and for 1 year after project completion, then deleted or anonymised.
  • Authentication logs (IP): Retained for 90 days for security purposes, then deleted.
  • Deleted accounts: When you delete your account, your personal data is deleted or anonymised within 30 days. Some anonymised records (e.g. aggregate financial data) may be retained for audit purposes with no link to your identity.

09 — Your rights

Your data rights

You have meaningful control over your personal data. We will honour all valid requests promptly and without charge.

Access

Request a copy of all personal data we hold about you. We will provide it in a machine-readable format within 30 days.

Correction

Request that inaccurate or incomplete data be corrected. Most profile data can be updated directly in your account settings.

Deletion

Request deletion of your account and personal data. Some data may be retained in anonymised form where legally required (e.g. financial records).

Portability

Request an export of your data in a structured, machine-readable format (JSON or CSV) to take with you.

Restriction

Request that we stop actively processing your data while you dispute its accuracy or our right to use it.

Objection

Object to processing of your data in cases where we rely on legitimate interest rather than consent as the legal basis.

Withdraw consent

Where we rely on your consent to process data (e.g. marketing emails), you can withdraw it at any time. Withdrawal does not affect prior lawful processing.

Complaint

Lodge a complaint with your local data protection authority if you believe we have mishandled your data. We would prefer you contact us first so we can resolve it directly.

To exercise any of these rights, contact us through the in-app support channel or via the contact page. We will respond within 30 days. We may need to verify your identity before processing requests that involve sensitive data.

10 — Minors

Children and minors

ViberClaw is a professional services marketplace. You must be at least 18 years old — or the age of legal majority in your jurisdiction if that is higher — to create an account and use the platform.

We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and believe your child has created an account, contact us immediately. We will delete the account and all associated data without delay.

11 — Policy changes

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the platform, applicable law, or industry standards. We will always post the updated version here with a revised date.

For material changes — those that affect how we collect, use, or share your personal data in a way that is less protective than this policy — we will notify you by email at least 14 days before the change takes effect. You may delete your account if you do not agree with the updated terms.

Continued use of the platform after a change takes effect constitutes acceptance of the updated policy.

12 — Contact

Data protection contact

If you have any questions about this Privacy Policy, want to exercise your data rights, or believe we have handled your personal data incorrectly, please reach out. We take privacy seriously and will respond promptly.

Email us at info@amadia.uk. For formal legal notices, include "Data Protection" in the subject line. We will respond within 30 days.

Back to homeRead Terms of Service