Privacy Policy

Privacy Policy

Effective Date: January 1, 2026 • Last Updated: January 30, 2026

1. Introduction

This Privacy Policy describes how Northbase Ltd (“we,” “our,” or “us”) collects, uses, and protects your information when you use VibeSonic (the “App”). VibeSonic is a standalone macOS application designed with privacy as a core principle. By using VibeSonic, you agree to the collection and use of information in accordance with this policy.

Contact Information:

• Company: Northbase Ltd

• Email: team@vibesonic.ai

• Data Protection Officer: team@vibesonic.ai

2. Our Privacy-First Approach

2.1 Standalone Application

VibeSonic is designed as a standalone desktop application. There are no user accounts to create, no cloud sync, and no centralised server storing your data. Your transcriptions, notes, and audio recordings remain on your device under your control.

2.2 Bring Your Own Key (BYOK)

Pro users who wish to use cloud-based AI services connect directly to third-party providers using their own API keys. VibeSonic does not proxy, intercept, or store any data transmitted to these services.

2.3 Voice and Audio Data

Your voice recordings and audio data are processed either locally on your device (using local transcription models) or transmitted directly to third-party AI providers when using the BYOK feature. We never receive, access, or store your audio recordings or transcription content.

3. Information We Collect

3.1 Information Collected When You Purchase

When you purchase a Pro license through our payment providers:

• Email address: Used to deliver your license key and send important product updates

• Order information: Transaction ID and purchase date for license validation

Note: Full payment details (credit card, billing address, etc.) are collected and processed by our payment providers (LemonSqueezy, Gumroad) and are not shared with us.

3.2 Anonymous Usage Statistics (Optional)

If you opt-in to anonymous usage statistics in the App settings, we may collect:

• Aggregated word count of transcriptions (not the content itself)

• App version and macOS version

• Feature usage patterns (which features are used, not what content is created)

• Crash reports and error logs

This data is linked to an anonymous device identifier and cannot be used to identify you personally or reconstruct your content. You can disable this at any time in Settings.

3.3 License Validation

When validating your Pro license, we collect:

• License key: To verify your purchase and entitlement

• Device identifier: An anonymous hardware ID used solely for enforcing the device limit of your license (e.g., 2 devices per license)

Legal basis (GDPR): Processing is necessary for the performance of a contract (license agreement) and our legitimate interest in preventing license abuse.

4. Information We Do NOT Collect

We explicitly do not collect:

• Your audio recordings or voice data

• Your transcription content or text output

• Your notes, tasks, or any content you create

• Your API keys for third-party services

• Personal information beyond email (from purchases)

• Browsing history or data from other applications

• Location data

• Microphone audio except when you initiate recording

5. How We Use Your Information

5.1 License Management

• License Delivery: Send your license key to your email address

• License Validation: Verify your license is valid and within device limits

• Customer Support: Respond to support inquiries related to your purchase

5.2 Product Communications

• Product Updates: Notify you of important updates or security patches

• Legal Notices: Communicate legally required information

We do not send marketing emails unless you explicitly opt-in.

5.3 Service Improvement (If Analytics Enabled)

• Bug Fixes: Use crash reports to identify and fix issues

• Feature Development: Understand which features are most valuable to users

6. Data Storage and Processing

6.1 Local Storage

All your content is stored locally on your Mac:

• Transcriptions: Stored in your local application data folder

• Audio Recordings: Stored locally if you choose to save them

• Settings and Preferences: Stored locally on your device

• API Keys: Stored securely in your macOS Keychain, never transmitted to us

6.2 Local Transcription

When using local transcription models, all audio processing happens entirely on your device. No audio data is transmitted anywhere. Your voice never leaves your Mac.

6.3 Third-Party AI Services (BYOK)

When Pro users choose to use cloud AI services with their own API keys:

• Audio data is transmitted directly from your device to the third-party provider (e.g., OpenAI, Groq)

• VibeSonic does not intercept, log, or store this data

• Data handling is governed by the third-party's privacy policy

• You are responsible for reviewing and accepting the third-party's terms

• Any costs incurred on your API account are your sole responsibility

6.4 Data Retention

• Email Address: Retained for license management and communications until you request deletion

• License Records: Retained for the duration of your license validity plus any legally required period

• Device Identifiers: Retained only while your license is active; deleted upon license expiration or deactivation request

• Anonymous Analytics: Aggregated data retained for service improvement; individual data points are anonymised and cannot be attributed to you

7. Data Sharing and Disclosure

7.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for their commercial purposes.

7.2 Service Providers

We share limited information with:

• Payment Providers: LemonSqueezy, Gumroad, or other payment gateways process your purchase (governed by their respective privacy policies)

• Email Services: For transactional emails such as license delivery

• Cloud Infrastructure: Cloudflare for website and API hosting

7.3 Legal Requirements

We may disclose information when required by law:

• Legal Process: Court orders, subpoenas, or legal requirements

• Safety Protection: To protect rights, property, or safety

• Business Transfers: In connection with mergers, acquisitions, or asset sales

8. Data Security

8.1 Security Measures

• Secure Communications: All data transmission uses industry-standard encryption (TLS)

• API Key Storage: Your third-party API keys are stored securely in your macOS Keychain

• Local Data: Protected by your macOS security settings and file system permissions

8.2 License Validation

• License Keys: Validated securely to prevent unauthorised use

• Device Identification: Anonymous hardware ID used only for device limit enforcement

9. Your Privacy Rights

9.1 Your Controls

• Analytics: Opt-out of anonymous usage statistics at any time in Settings

• Local Processing: Use local-only transcription to avoid any external data transmission

• Data Deletion: Delete your local data at any time by removing the app or its data folder

9.2 Data Access Requests

You can request a copy of any personal data we hold about you by contacting team@vibesonic.ai. Since we collect minimal data, this will typically only include your email address and license information.

9.3 Data Deletion Requests

You can request deletion of your personal data by contacting team@vibesonic.ai. We will delete your email address, license records, and device identifiers within 30 days, except where retention is required by law.

9.4 Regional Rights

European Users (GDPR):

• Right to access your personal data

• Right to rectification of inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right to lodge complaints with supervisory authorities

California Users (CCPA):

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt-out of sale (we don't sell data)

• Right to non-discrimination for exercising privacy rights

10. Children's Privacy

VibeSonic is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at team@vibesonic.ai.

11. International Data Transfers

Your limited information (email, license data) may be processed in countries other than your own, including the United Kingdom and the United States (where our infrastructure providers operate). We ensure appropriate safeguards are in place:

• Adequate Protection: Transfers only to countries with adequate data protection or with appropriate safeguards

• Standard Contractual Clauses: EU-approved contract terms for data protection where applicable

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• In-App Notifications: Prominent notice within the application

• Email Notification: If you have provided an email address

• Website Updates: Updated policy posted on our website

Continued use of VibeSonic after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

• Email: team@vibesonic.ai

• Company: Northbase Ltd

• Subject Line: "VibeSonic Privacy Inquiry"

We aim to respond to all privacy-related inquiries within 30 days.

14. Legal Compliance

This Privacy Policy is governed by and construed in accordance with applicable data protection laws, including but not limited to:

• General Data Protection Regulation (GDPR)

• UK General Data Protection Regulation (UK GDPR)

• California Consumer Privacy Act (CCPA)

• Children's Online Privacy Protection Act (COPPA)

• Regional privacy regulations

Document Version: 2.1

Effective Date: January 1, 2026

Last Updated: January 30, 2026