Privacy Policy
Last updated: April 7, 2026
In short
We collect only what we need to run our website and apps, improve them, and stay in touch with you. We use trusted partners for analytics, ads, cloud services, and subscriptions (handled by Apple). We don't sell your personal data. You have GDPR rights—and we're happy to help you use them.
Who this applies to
This Privacy Policy describes how Vibe Labs s.r.o. ("we," "us," or "our") processes personal data when you visit thevibelabs.com or use our mobile applications, including Hazel and Flick (together, the "Services"). By using the Services, you acknowledge this Policy.
Data controller and contact
Controller: Vibe Labs s.r.o.
Registered office: Čs. armády 369/7, Bubeneč, 160 00 Praha 6, Czechia
Business ID (IČO): 23452617
Email: admin@thevibelabs.com
For product-specific questions, our apps may list additional support contacts (e.g. admin@gethazel.app for Hazel). This Policy governs processing described here regardless of which contact you use.
Information we collect
Depending on how you interact with us, we may process:
2.1 You provide directly
- Account and profile: email address, name or display name, authentication credentials (processed via our providers such as Supabase).
- Communications: messages you send us (e.g. support email).
- Preferences and in-app data: settings, schedules, app-specific content you choose to store (e.g. screen time goals or photo library interactions as required by each app).
2.2 Collected automatically
- Device and technical data: device type, OS version, app version, language, identifiers allowed by the platform (e.g. advertising identifiers where permitted and with consents as required, including Apple's App Tracking Transparency prompts on iOS where applicable).
- Usage and diagnostics: feature usage, crashes, performance logs, and aggregated analytics events.
- Website logs: IP address, browser type, pages viewed, approximate timestamps (when you browse thevibelabs.com).
How we use your data
We process personal data to:
- Provide, operate, and secure the Services (including authentication and cloud sync).
- Improve reliability, fix bugs, and understand how features are used (aggregated where reasonable).
- Measure marketing effectiveness and attribute installs (where enabled).
- Show ads in free or ad-supported experiences, subject to platform settings and consent.
- Comply with legal obligations and respond to lawful requests.
- Communicate with you about updates, support, or important notices.
Legal basis for processing (GDPR)
Where GDPR applies, we rely on:
- Performance of a contract (Art. 6(1)(b)) — to deliver the Services you request.
- Legitimate interests (Art. 6(1)(f)) — security, analytics, product improvement, and fraud prevention, balanced against your rights.
- Consent (Art. 6(1)(a)) — where required (e.g. certain cookies or tracking), which you may withdraw.
- Legal obligation (Art. 6(1)(c)) — where the law requires processing.
Sharing and subprocessors
We do not sell your personal data. We share data with service providers who process it on our instructions and under appropriate agreements. Examples include:
| Category | Examples (may change) | Purpose |
|---|---|---|
| Cloud & backend | Firebase (Google), Supabase | Hosting, authentication, database, sync, crash/error reporting |
| Product analytics | Mixpanel | Event and usage analytics, funnels, and product improvement |
| Attribution & measurement | Singular | Campaign attribution, install and post-install measurement |
| Advertising | Google AdMob, AppLovin (and related partner networks as mediated) | Delivering and measuring ads in ad-supported tiers; which networks are active may depend on platform, region, or app configuration; frequency caps may apply |
On Apple platforms, personalized advertising and cross-app tracking may be subject to Apple's App Tracking Transparency (ATT). You can allow or deny tracking when prompted, and change your choice later in Settings. Google AdMob, AppLovin, and other partners follow Apple's rules and their own policies for data they process.
Payment data for subscriptions is processed by Apple via the App Store; we do not receive your full payment card number from Apple for IAP. We may receive subscription status and related identifiers from Apple or our tooling to unlock features.
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition subject to confidentiality safeguards.
International transfers
Our providers may process data in the European Union, the United States, and other countries. Where we transfer personal data outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, as required by GDPR.
Retention
We retain personal data only as long as necessary for the purposes above, including resolving disputes, enforcing agreements, and meeting legal requirements. Typical ranges:
- Account data: until you delete your account plus a reasonable backup window.
- Analytics and logs: often up to 24 months unless a shorter period is sufficient.
- Legal holds: longer where retention is required by law.
Cookies and similar technologies
Our website may use cookies and similar technologies to remember preferences, measure traffic, and improve the experience. We may add analytics tools (e.g. Google Analytics) in the future; if we do, we will update this Policy and any consent banners accordingly. You can control cookies through your browser settings.
Security
We implement organizational and technical measures appropriate to the risk—including access controls, encryption where appropriate, and vendor security reviews.
Your rights (GDPR)
Where applicable, you may have the right to:
- Access, rectify, or erase your personal data.
- Restrict or object to certain processing.
- Data portability.
- Withdraw consent where processing is consent-based.
- Lodge a complaint with a supervisory authority (see below).
To exercise your rights, contact admin@thevibelabs.com. We will respond within one month where required by law, with possible extensions for complex requests.
Children's privacy
Our Services are not directed at children under the minimum age required by applicable law (often 13 or 16 depending on jurisdiction). We do not knowingly collect personal data from children in violation of those rules. If you believe we have, please contact us.
Data protection contact
You may contact us for privacy matters at admin@thevibelabs.com.
Changes to this Policy
We may update this Policy from time to time. We will post the new version on this page and update the "Last updated" date. Material changes may be communicated via the Services or email where appropriate.
Supervisory authority
If you believe your data protection rights have been violated, you may lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ): uoou.gov.cz.
Disclaimer
This Policy is provided for transparency and general information. It is not legal advice. Please review with qualified counsel to ensure it meets your obligations (including app store and advertising requirements).