Privacy Policy

Last updated: December 2025

Introduction

Welcome to VibeAudits. We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services, visit our website, or contact us.

Data Controller

VibeAudits is a service provided by Neolyth. For questions about data processing, the data controller is:

Neolyth

Graafsweg 274

6532 ZV Nijmegen

Netherlands

Email: data@neolyth.io

Data We Collect

We collect personal data only when necessary to provide our services:

  • Contact Information: Name and email address when you submit forms or contact us.
  • Payment Information: Payment details processed securely via Stripe. We do not store full card details.
  • Code and Project Files: Source code and project files you submit for audit purposes.
  • Technical Information: IP address, browser type, operating system, and connection time for security purposes.
  • Usage Analytics: Anonymous usage data to improve our services and user experience.

How We Use Your Data

Your data is used for the following purposes:

  • Process and deliver audit services you have purchased.
  • Communicate with you about your orders, inquiries, and service updates.
  • Improve our services, website, and user experience.
  • Comply with legal obligations and enforce our terms.
  • Protect against fraud, abuse, and security threats.

Data Sharing and Processing

We do not sell your personal data. We share data only with:

  • Stripe: Payment processing. Stripe processes payments securely and has its own privacy policy.
  • Subprocessors: We self-host most of our services on our own infrastructure in Nijmegen, Netherlands. In some cases, data may be processed by our subprocessors such as AWS or IONOS Germany.

International Data Transfers

Our servers are primarily located in Nijmegen, Netherlands. Some services may use subprocessors in other EU locations (such as IONOS Germany) or occasionally outside the EU (such as AWS). All transfers comply with GDPR requirements through Standard Contractual Clauses where applicable.

Data Retention

  • Contact form submissions: Retained as long as necessary to respond to your inquiry.
  • Audit materials: Deleted upon request after audit completion, or within 90 days of project completion.
  • Payment records: Retained as required by tax and accounting laws (typically 7 years).
  • Analytics data: Anonymized and aggregated after 90 days.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request corrections to any inaccurate information.
  • Right to Erasure: Request deletion of your personal data, subject to legal requirements.
  • Right to Restriction: Request that we limit the processing of your data under certain conditions.
  • Right to Portability: Request transfer of your data to another organization, where technically feasible.
  • Right to Object: Object to the processing of your personal data for certain purposes.

To exercise these rights, contact us at data@neolyth.io. We will respond within 30 days of receiving your request.

Data Security

We implement industry-standard security measures to protect your data:

  • HTTPS encryption for all data transmission.
  • Strict access controls to servers and data.
  • Regular security updates and patches.
  • Code submitted for audits is handled with strict confidentiality.

Cookies and Tracking

We use essential cookies for website functionality and may use analytics cookies to improve our services. You can control cookie preferences through your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Contact Us

For privacy-related questions or to exercise your rights, please contact us at: data@neolyth.io