Privacy Policy

1. Introduction

Welcome to VibeToast. This Privacy Policy explains how HootCodes LTD ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use VibeToast (the "Service").

We are committed to protecting your privacy and ensuring transparency in how we handle your data. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name (optional), and password (encrypted)
• Payment Information: Processed securely through Stripe; we do not store your full credit card details
• Communication Data: Messages you send to our support team

2.2 Information Automatically Collected

• Usage Data: Notification metadata (task names, progress percentages, timestamps)
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP addresses, access times, pages viewed
• Cookies: Session management, preferences, and analytics (see Cookie Policy)

2.3 Information We Do NOT Collect

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve VibeToast notifications
• Account Management: To create and manage your account
• Payment Processing: To process subscriptions and payments
• Communication: To send service updates, security alerts, and support messages
• Analytics: To understand usage patterns and improve our service
• Security: To detect, prevent, and address technical issues and fraud
• Legal Compliance: To comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interest: To improve our service, prevent fraud, and ensure security
• Consent: For marketing communications (you can withdraw consent anytime)
• Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

• Stripe: Payment processing (subject to Stripe's Privacy Policy)
• Cloud Hosting: Servers and infrastructure providers
• Analytics Services: Usage statistics and performance monitoring

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at privacy@hoot.codes. We will respond within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Account Data: Retained while your account is active and for 90 days after deletion
• Usage Data: Retained for up to 24 months for analytics purposes
• Payment Records: Retained for 7 years for tax and accounting compliance
• Communication Records: Retained for 3 years or as required by law

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

HootCodes LTD is based in Bulgaria (EU). If you access VibeToast from outside the EU, your data may be transferred to and processed in the EU. We ensure adequate safeguards are in place for such transfers in compliance with GDPR.

10. Children's Privacy

VibeToast is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: