This policy explains what data we collect, why we collect it, and how you can control it. We aim to collect only what we need.
The short version
Vibesim ("we," "us," "our") is an AI-powered web editor and community platform operated by CoponStackos. This Privacy Policy applies to all services available at vibesim.coponstackos.com and associated subdomains.
Account Information
When you register, we collect your username, password (stored as a bcrypt hash), and optional bio and avatar image. We never store your password in plain text.
Project Content
We store the code, files, screenshots, and metadata you create within Vibesim. Public projects are accessible to anyone; private projects remain confidential to your account.
Usage & Activity Data
We collect records of project saves, version history, likes, comments, follows, view counts, and AI credit usage. This data powers features like the community feed, storage tracking, and the Popularity Bonus system.
IP Addresses & Browser Fingerprints
We collect and store IP addresses and browser fingerprints for security purposes. This helps us:
Browser fingerprints are derived from technical data your browser sends (screen resolution, installed fonts, WebGL capabilities, canvas rendering) and are hashed for privacy. We do not use cookies for tracking.
AI Interaction Data
When you use AI features, your prompts are processed by third-party AI providers (Google, Groq, etc.). These providers may retain data according to their own privacy policies. We store your credit usage logs but not the full content of AI exchanges.
API Keys — BYOK & BYOP
VibeSim supports two types of user-supplied API keys, handled differently:
Standard BYOK keys
Your API keys are stored exclusively in your browser's local storage and are not persisted on our servers. When you make an AI request using a BYOK key, the key is transmitted to our backend for the duration of that request only, so our servers can route the request to the third-party provider on your behalf. Once the request completes, the key is not retained.
Pollinations API keys (BYOP)
Because Pollinations requests are proxied through our backend on an ongoing basis, your Pollinations API key is stored server-side in encrypted form. It is accessible only to our backend infrastructure and is used solely to authenticate requests to Pollinations' API on your behalf. It is deleted immediately when you delete your account.
Technical Data
Standard server logs capture IP addresses, browser user agents, request timestamps, and fingerprint hashes. This data is used for security monitoring, rate limiting, and abuse prevention. Logs are retained for up to 90 days.
We use the data we collect to provide, maintain, and improve the VibeSim platform; to authenticate your identity and secure your account; to compute and display your storage usage, view counts, and community engagement metrics; and to detect and prevent fraud, abuse, and technical attacks.
We also use it to enforce our Community Rules and Terms of Service, including applying updated rules to previously posted content where necessary for moderation purposes; and to send you essential service communications such as account verification, security notices, and geographic restriction updates. We do not send marketing emails without your explicit consent.
We analyze aggregate, anonymized usage patterns — such as which AI models are used most frequently and how credits are consumed — to inform decisions about model availability, credit costs, and platform sustainability. This analysis is performed on aggregated data and does not result in individual profiling.
To maintain platform integrity, we associate IP addresses and browser fingerprints with user accounts. When a user is banned, we may prevent new account creation from the same IP addresses or fingerprints.
If you are banned, attempting to create a new account from the same IP address or with the same browser fingerprint will be blocked. This is a necessary measure to prevent ban evasion and repeated abuse of the platform.
We may also identify related accounts (multiple accounts sharing IP addresses or fingerprints) for administrative purposes, such as investigating abuse patterns or enforcing storage limits fairly.
VibeSim does not perform ID-based or biometric age verification, and we do not collect government-issued identity documents or facial recognition data. This is by design: we believe these systems pose disproportionate privacy risks to users.
As a consequence, users in jurisdictions that mandate such systems are prohibited from using this service. See the Terms of Service, Section 2, for the current list. We do not use IP geolocation to proactively block access, but by registering you represent that you are not located in a restricted jurisdiction.
If your country is added to the restriction list after you have created an account, we will notify you by email and provide reasonable time to export your data before access is suspended.
We do not sell your personal data. We share it only with infrastructure providers such as our hosting and database provider, who process data on our behalf and are contractually bound to protect it; with AI model providers when you use AI features, where your prompts are sent to the relevant API; with Pollinations' endpoints when you use a Pollinations key; and with law enforcement or authorities when required by law, court order, or to protect the safety of users or the public.
Public project content including code, screenshots, and titles is visible to all users and anonymous visitors by design.
VibeSim uses a JWT authentication token stored in localStorage to keep you logged in. It expires after a set period and is only used for requests to our own API. Editor preferences such as theme, layout, and settings are also stored locally in your browser. Standard BYOK keys you configure are stored in localStorage and are not sent to our servers except during individual API requests, as described in Section 2.
We do not use third-party tracking cookies or advertising cookies.
We retain your data for as long as your account is active. When you delete your account, your profile, projects, and public content are removed from the platform within 30 days. Any server-side stored API keys such as Pollinations keys are deleted immediately. IP addresses and fingerprint associations are retained for up to 90 days for security purposes. Anonymized, aggregated usage statistics may be retained indefinitely. Certain data may be retained longer when required by law or for legitimate abuse-prevention purposes.
Depending on your location, you may have the right to access a copy of the data we hold about you, to request correction of inaccurate information, to request deletion of your account and associated personal data, to request a portable export of your projects and content, and to object to certain processing of your data.
To exercise any of these rights, contact us at privacy@vibesim.coponstackos.com. We will respond within 30 days.
We implement reasonable technical and organizational measures to protect your data. These include HTTPS encryption for all data in transit, bcrypt password hashing, JWT-based authentication with expiration, encryption at rest for server-side stored API keys, and project sandbox isolation to prevent cross-project data access.
No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to security@vibesim.coponstackos.com before public disclosure.
VibeSim is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such data, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data should contact us immediately.
We may update this Privacy Policy as our practices change or as required by law. We will update the effective date at the top and notify users of material changes via the platform or email. Geographic restriction updates will always be communicated by email to existing users before they take effect. Your continued use of VibeSim after changes are posted constitutes acceptance of the updated policy.
Vibesim · Privacy Policy · v1.1 Effective 5/4/2026
Contact: privacy@vibesim.coponstackos.com · security@vibesim.coponstackos.com