Privacy Policy
Last updated: May 11, 2026. This policy describes the actual data flow for VibeCorp, not a ceremonial wall of legal fog.
What data is collected
VibeCorp collects gameplay and product analytics through PostHog. These events may include page views, button clicks, milestone unlocks, card-generation actions, share actions, ad-slot events, session information, device/browser information, and approximate technical metadata such as referrer and screen size.
Sentry collects error reports when the app crashes or behaves incorrectly. Error reports may include stack traces, browser details, URL paths, timestamps, and technical context needed to debug the problem.
Supabase stores authentication state and save data. By default VibeCorp creates an anonymous auth session so progress can sync. If you upgrade your account, Supabase stores the account method you use, such as email or OAuth identity metadata. Save data can include cash, upgrades, hires, milestones, prestige history, daily streaks, cards, settings, and other game progress.
Generated card features store card metadata and generated assets. This includes milestone IDs, rarity, prompt metadata, model used, timestamps, storage URLs, and generation status. Leaderboard features, when used, store submitted scores and the validation context needed to reject nonsense.
Why the data is used
Analytics help measure whether people understand the game, return after the first session, use sharing, claim rewards, or immediately vanish after meeting the cash counter. Error reports help debug crashes and broken flows. Auth and save data let players keep progress across reloads and devices. Card and generation data support the collection system. Leaderboard data exists so leaderboards can rank real progress instead of whoever found the easiest way to lie to JavaScript.
Third parties
VibeCorp uses Vercel for hosting and web analytics infrastructure, Supabase for auth, database, realtime, and storage, PostHog for product analytics, Sentry for error monitoring, fal.ai for AI card generation, Google AdSense for display ads, and AppLixir for rewarded ad flows if enabled in later phases. These providers process data according to their own terms and privacy policies. They are used because running an entire internet company from a single file sounded efficient until anyone tried it.
Cookies and local storage
Supabase may use cookies or similar browser storage to keep your auth session active. VibeCorp also uses localStorage for local save persistence and small UI state markers. Google AdSense may use cookies or similar technologies to serve and measure ads. AppLixir may use cookies or similar technologies for rewarded ads if those placements are enabled. Blocking cookies or storage may make saves, sign-in, ads, or sync less reliable. The game will remain emotionally available.
User rights
You can export your local save from Settings using Export Save. For access, deletion, export, or account-data questions, contact hello@playvibecorp.com. Deletion requests may require enough information to identify your account or save. If you only played anonymously and cleared browser storage, there may be nothing useful left to find. This is not philosophy; it is storage.
Children
VibeCorp is not directed at children under 13, and children under 13 are not allowed to use it. The game contains jokes about startups, advertising, account systems, and incentives. Children deserve better jokes and fewer dashboards.
Contact
Questions or deletion requests can be sent to hello@playvibecorp.com.