Privacy Policy

We collect as little as possible. Here's the full breakdown.

Last updated: June 12, 2026

The short version

  • Voters need no account. If you're just voting on a vibe check, we don't collect your name, email, or any personal data.
  • One small cookie per vibe check you vote on, used only to stop accidental double-votes. No tracking.
  • Account holders give us a name, email, and password. That's it.
  • No third-party tracking. No Google Analytics. No Facebook Pixel. No ads.
  • Your IP address is stored briefly with vote submissions to prevent spam. Not shared with anyone.
  • Public vibe checks are public. The questions, options, and aggregate vote counts can be seen by anyone with the link.

Everything below is the same thing in more detail.

1. What we collect

If you create an account

  • Name — displayed publicly as the author of your vibe checks
  • Email address — used to log you in and for occasional important service notifications
  • Password — stored as a one-way hash (we can't recover your password, only reset it)
  • Account metadata — when you signed up, last login, vibe checks you've created

If you create vibe checks

  • The questions, options, emojis, and titles you write
  • Whether you set them to public or private visibility
  • View counts and vote counts (aggregate, not per-voter)

If you vote on a vibe check (no account required)

  • Your vote answers — stored anonymously, never tied to your identity
  • Your IP address — stored with the vote temporarily for spam prevention (see retention section below)
  • Timestamp of when the vote was cast
  • A cookie (evibes_voted_*) — set per vibe check you vote on, lasts 30 days, used solely to show "you already voted" if you return to the same vibe check. This is a strictly necessary cookie tied to vote integrity, which is why we don't show a cookie banner.

If you use the iOS app

  • The app generates a random anonymous ID (UUID) stored only on your device, sent with each vote to prevent duplicates. We have no way to link this ID to your real identity.
  • The app doesn't collect device IDs, advertising identifiers, location, contacts, or any other personal data.

If you visit kiosk / public results pages

  • Standard web request data (IP, browser type, page visited) — held briefly in our web server's access logs, then rotated out
  • No cookies set for viewing-only sessions

2. What we DON'T collect

To be explicit, eVibes does NOT:

  • Run Google Analytics, Facebook Pixel, Hotjar, or any third-party tracking
  • Sell or share your data with advertisers, data brokers, or anyone else
  • Use cross-site tracking, fingerprinting, or behavioral profiling
  • Collect your location (GPS or otherwise)
  • Read your contacts, calendar, photos, microphone, or camera
  • Store your password in recoverable form
  • Link vote responses to specific user identities
  • Show ads

3. How we use your information

We use the data we collect only for:

  • Running the service — authenticating you, displaying your vibe checks, counting votes
  • Preventing abuse — IP addresses and cookies are used for casual anti-spam measures
  • Communicating with you — password resets, security alerts, occasional important service updates (we don't send marketing emails)
  • Improving the service — looking at aggregate, non-identifying patterns (e.g. "people use category X more than category Y")
  • Complying with law — if we're legally required to retain or disclose data

We don't use your data to train AI models, build advertising profiles, or sell anything to anyone.

4. How long we keep your data

  • Account data — kept until you delete your account
  • Vibe checks you created — kept until you delete them or your account
  • Anonymous vote responses — kept as long as the parent vibe check exists, because they're part of the aggregate result
  • IP addresses on vote responses — kept for up to 90 days for abuse investigation, then cleared
  • Web server access logs — rotated/deleted automatically within 30 days
  • Cookies — the vote-tracking cookies expire after 30 days; the session cookie ends when you log out or close your browser

5. Who we share your data with

The short answer: almost no one.

The longer answer: we only share data when one of these applies:

  • Public information — vibe checks you mark as public, including their questions, options, and aggregate vote counts, are visible to anyone with the link or via the trending feed. Your name (as account holder) appears as the author.
  • Service providers we depend on — our web hosting provider (Namecheap) stores our database and serves the site; the QR code generation service (api.qrserver.com) renders the QR codes on share/results pages. These providers may briefly process technical data but don't have access to identifiable user data beyond what's required to deliver their service.
  • Legal compliance — if required by a valid legal process (subpoena, court order, government request that complies with applicable law)
  • Protecting eVibes or others — if there's a credible threat of harm, fraud, or abuse
  • Business transfers — if eVibes is ever acquired, your data may transfer to the new owner under these same terms

6. Your rights and choices

You have the right to:

  • Access — see what data we have about you (mostly just your account profile and the vibe checks you've created)
  • Correct — update your name, email, or password from your account
  • Delete — remove your account and your vibe checks at any time
  • Export — download your vibe check results as CSV from the results page
  • Object — stop using the service at any time without consequence

For users in the EU/UK (GDPR)

You also have rights under GDPR to data portability, restriction of processing, and to lodge a complaint with your local data protection authority. Our legal basis for processing your data is legitimate interest (running the service) and consent (where you've signed up for an account or submitted a vote).

For users in California (CCPA/CPRA)

You have the right to know what personal information we collect, to delete it, and to opt out of any "sale" of your data. We don't sell your data, so the opt-out is automatic. To exercise any of these rights, contact us.

7. How we secure your data

We take reasonable measures to protect your data:

  • HTTPS encryption for all traffic between your browser and our servers
  • Passwords stored as one-way hashes using industry-standard algorithms
  • Database access restricted to authorized personnel and applications
  • Regular software updates and security patches

That said, no system is 100% secure. If we ever discover a data breach affecting your information, we'll notify you within a reasonable time and as required by applicable law.

8. Children's privacy

eVibes is not directed at children under 13. We don't knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we'll delete it.

9. International users

eVibes is hosted in the United States. By using the service, users outside the US understand that their data is processed in the US. We take reasonable steps to protect data in accordance with applicable laws regardless of where you're located.

10. Changes to this policy

We may update this policy occasionally. When we make material changes (especially anything that affects how we collect or use data), we'll post the updated version here and update the "Last updated" date. For significant changes, we'll do our best to notify account holders by email.

11. Contact us

Questions about this policy or your data? Reach out via the contact information on our About page. We respond to data requests within 30 days.

Bottom line: eVibes is built on the principle that you shouldn't have to give up your privacy to participate in a casual vibe check. We collect the minimum needed to run the service, store it carefully, and never sell it. See our Terms of Service for the rules of using eVibes.