By creating an account or using the Service, you acknowledge this policy. If you do not agree, do not use the Service. Additional rules may appear inside the app (for example, feature-specific prompts or store terms). This document is provided for transparency and to support platform requirements (including disclosures for permissions such as microphone access); it is not personalized legal advice.
Who operates Vibex
Vibex (“Vibex”, “we”, “us”, “our”) is the operator of the Vibex brand, the Vibex mobile applications (for example on Android and iOS), and the website and application experience served from https://vibex.music. We act as the data controller for personal information described in this policy, unless we state otherwise (for example, where a partner processes data solely on their own behalf). The legal name and postal address of the controller appear on your platform’s store listing (Google Play / Apple App Store) for Vibex and should be considered part of this disclosure for regulatory purposes.
How the Service works
Vibex is a social karaoke and community platform. In practical terms, the Service typically lets you:
- Sing and practice: Choose backing audio (often linked to publicly available music catalogs such as YouTube), see lyrics where available, and use your device microphone for real-time singing, optional recording, and feedback such as pitch coaching and scoring.
- Upload and process performances: Send audio or video (depending on the feature) to our servers for processing such as mixing, enhancement, rendering, scoring, caching, or storage so you can review, edit, or publish content.
- Participate socially: Maintain a profile, follow or friend other users, chat in channels or direct messages, react to posts, share a gallery, join events, appear on leaderboards, earn badges, quests, experience points, and in-app currency where those features are enabled.
- Use broader community modules: Depending on configuration and your account, you may access additional areas such as cultural content, recipes, dictionary or history material, lineage tools, directory listings, notifications, bug reporting, and administrative tools for authorized staff.
The client apps communicate with our backend primarily over HTTPS using a GraphQL API at our domain. When you sign in, the app stores a session token locally and sends it with requests so the server can identify your account. Account data and much of your content are stored in our databases (for example MongoDB in our production architecture). Media and derived files may be stored on server disks or object storage as needed to operate features you use.
Information we collect
We collect information in three main ways: you provide it, we generate it when you use features, and we receive technical data from your device or network.
Account and profile
- Credentials and identifiers: email address, password (stored using industry-standard hashing on the server—not plain text), username, and internal user IDs.
- Profile and preferences: display name, biography, profile photo, optional demographic or profile fields you choose (such as city, occupation, or relationship status where offered), karaoke and UI preferences, notification preferences, and similar settings.
- Optional verification or fulfillment data: where you participate in programs that require it (for example physical rewards or certain directory features), we may collect shipping-related contact details, age, or other fields you submit through the relevant flow.
Content you create or upload
- Posts, performances, comments, reactions, thoughts, gallery items, event RSVPs, recipes, messages, and other user-generated content.
- Metadata tied to that content: timestamps, song or YouTube identifiers, scores, badges, visibility settings, and moderation or safety records if applicable.
Audio, video, and derived technical data
- Voice audio from the microphone when you use singing, coaching, transcription, or recording features.
- Video or rendered outputs when you use features that capture or produce video.
- Derived signals produced on-device or on servers, such as pitch traces, timing alignment, quality scores, transcripts from automated speech recognition, and debugging logs tied to processing jobs.
Social graph and communications
- Friend requests, friendships, follows, blocks, and similar relationships.
- Chat and direct message content, read receipts where implemented, and online presence or last-seen style indicators when those features are active.
- Notifications you receive or dismiss, including push notification tokens when you enable push.
Technical, usage, and support
- Device and app data: app version, operating system, device type, language, and coarse diagnostic information.
- Network and security data: IP address, request timestamps, authentication success or failure signals, rate limits, and abuse-prevention telemetry.
- Bug reports or feedback you submit, which may include screenshots, descriptions, and account identifiers.
Microphone, audio, video, and media processing
Android: Our app declares RECORD_AUDIO because microphone access is essential to karaoke, live coaching, scoring, and optional recording flows. iOS: equivalent microphone permission is requested for the same reasons. We do not use the microphone to listen for unrelated background surveillance. Audio is captured in connection with features you engage with (for example an active sing session or an explicit recording action).
When you upload files or complete a session, audio or video may be transmitted to our servers. Servers may run pipelines such as FFmpeg for decode, encode, separation, leveling, rendering, or export. Optional speech-to-text may use automated speech recognition on our infrastructure (for example open-source Whisper-style models) to produce text or timing aligned with your performance—not to train unrelated third-party consumer models unless we separately notify you and, where required, obtain consent.
Where the Service integrates YouTube or similar providers for backing tracks or metadata, your use of that content is also subject to the provider’s terms and privacy notices. We may process YouTube video identifiers, titles, thumbnails, and related metadata to operate playback, lyrics, leaderboards, and caching.
On some platforms we may request storage-related permissions so you can import or export media; those permissions are used for file access tied to features you use.
Accounts, authentication, and activity
We use your email and password (or any future sign-in methods we enable) to create and secure your account. After sign-in, a token is stored on your device (for example in secure storage on mobile or browser storage on web) and sent as a Bearer credential to our API. You can end a session by signing out, which clears local tokens on the device; server-side records may remain according to our retention practices below.
Social features, community content, and visibility
Many features are inherently social. Information you post to public areas (feeds, leaderboards, public events, or open chat rooms) may be visible to other users and indexed or displayed in the app or on the web. You should not post sensitive personal information you do not want others to see. Direct messages and friend-only content are restricted by design, but no online service is risk-free—avoid sharing secrets or highly sensitive data in chat.
Where the Service supports “request contact info” or similar flows, sharing is based on your choices and the recipient’s acceptance; we log those requests as needed for safety and support.
Third-party services and integrations
We rely on and may share limited data with categories of third parties, including:
- Infrastructure providers: hosting, DNS, TLS certificates, databases, backups, logging, and email delivery.
- Music and media platforms: for example Google / YouTube for identifiers, playback, or metadata subject to their policies.
- Embedded media search: where enabled, clients may call third-party APIs (for example Giphy) to fetch GIFs or stickers; those requests are governed by the third party’s terms.
- App stores: Google Play and Apple App Store process installation, payments for subscriptions or purchases (if any), crash diagnostics, and account data according to their policies.
We require service providers to use information only as instructed, but their own privacy statements also apply where they act as independent controllers (for example payment processors or app stores).
Cookies, local storage, and device data
On the web, we and our hosting stack may use cookies or similar technologies needed for session continuity, security, load balancing, or preferences. On mobile, comparable data may be stored in app sandboxes or secure storage. You can often clear site data through browser settings or reinstall the app to remove local caches; that may sign you out or remove offline content.
How we use and share information
We use personal information to:
- Provide, operate, maintain, and improve the Service and its features.
- Authenticate users, prevent fraud, enforce policies, and protect safety and security.
- Personalize content such as recommendations, coaching, quests, or leaderboards.
- Communicate with you about the Service, including transactional messages, support responses, and—where allowed—product updates.
- Comply with legal obligations and respond to lawful requests from public authorities.
- Aggregate or de-identify data for analytics, benchmarking, or product planning where permitted by law.
We may disclose information to courts, regulators, or others when we believe in good faith that disclosure is required by law or necessary to protect rights, property, or personal safety. If we ever undertake a merger, acquisition, or asset sale, personal information may transfer as part of that transaction, subject to this policy or a successor notice.
Legal bases (EEA, UK, and similar jurisdictions)
Where GDPR or comparable laws apply, we rely on one or more of the following legal bases:
- Contract: processing necessary to provide the Service you request (account, karaoke, social features).
- Legitimate interests: securing the Service, debugging, analytics that do not override your rights, and improving features, balanced against your expectations.
- Consent: where we ask for optional processing (for example certain marketing or sensitive categories where the law requires consent).
- Legal obligation: retaining records or responding to lawful demands.
Retention and security
We retain information for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, comply with law, and maintain backups. Some server-side media or logs may have shorter technical retention (for example temporary transcoding directories) while other content remains until you delete it or delete your account, subject to legal holds.
We implement administrative, technical, and physical safeguards appropriate to the nature of the data. No method of transmission or storage is completely secure; you use the Service at your own risk to that extent.
Your rights and region-specific notices
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of certain personal data, and to object to processing or withdraw consent where processing was consent-based. You can manage much of your profile and content inside the app. For other requests, use the contact options listed below. We may need to verify your identity before fulfilling requests.
California (USA): California residents may have additional rights under the CCPA/CPRA, including rights to know categories of personal information collected, to delete personal information subject to exceptions, to correct inaccuracies, and to opt out of certain “sharing” or “sales” as defined by California law. We do not knowingly sell personal information of minors under 16 without affirmative authorization. You may designate an authorized agent where permitted; we may require proof of agency.
European Economic Area, United Kingdom, Switzerland: you may have the rights described above and the right to lodge a complaint with a supervisory authority. If we rely on legitimate interests, you may object where grounds relate to your particular situation.
Children
The Service is not directed to children under 13 (or the higher minimum age required in your jurisdiction), and we do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided us with personal information, contact us using the information below so we can take appropriate steps.
International transfers
We may process and store information in the United States and other countries where we or our providers operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.
Changes and contact
We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, where changes are material, provide additional notice as required by law or app store rules (for example an in-app prompt or email).
Contact: For questions about this policy or to exercise privacy rights, use the contact options shown on the Google Play or Apple App Store listing for Vibex, or in-app feedback and support channels where available. If you contact us, include the email address associated with your account and a clear description of your request.