VibeInk

Privacy Policy

Effective: May 1, 2026 Β· Last updated: May 1, 2026

VibeInk (β€œwe,” β€œus,” or β€œour”) operates vibeink.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase. It applies to all visitors regardless of location and is designed to comply with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Australia's Privacy Act 1988.

1. Information We Collect

1.1 Information You Provide

  • Account details (name, email address)
  • Shipping and billing address
  • Payment information (processed by Stripe β€” we never store full card numbers)
  • Customer service correspondence

1.2 Information Collected Automatically

  • Device type, browser, operating system
  • IP address (truncated/anonymised where required by law)
  • Pages visited, time on page, referral source
  • Cookies and similar tracking technologies (see our Cookie Policy)

2. How We Use Your Information

  • Process and fulfill your orders
  • Send order confirmations, shipping updates, and receipts
  • Provide customer support
  • Detect and prevent fraud
  • Improve our products and services
  • Send marketing communications (with your consent, where required)
  • Comply with legal obligations

3. Legal Basis for Processing (EEA/UK)

Under the GDPR and UK GDPR we rely on the following lawful bases:

  • Contract performanceβ€” to fulfill your orders.
  • Legitimate interestsβ€” fraud prevention, analytics, and improving our services.
  • Consentβ€” marketing emails and non-essential cookies.
  • Legal obligationβ€” tax and accounting records.

4. Data Sharing & Third Parties

We share your information only with third-party services necessary to operate our business:

  • Payment processingβ€” Stripe (PCI DSS Level 1 certified)
  • Print-on-demand fulfillmentβ€” Printful, Printify
  • Shipping carriersβ€” via fulfillment providers
  • Authenticationβ€” Clerk
  • Analyticsβ€” Google Analytics 4 (with IP anonymisation)
  • Cloud hostingβ€” Google Cloud Platform

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

5. International Data Transfers

Our servers are located in Europe (GCP europe-west1). When data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Order data is kept for 7 years for tax and legal compliance. You may request deletion at any time.

7. Your Rights

All Customers

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for marketing at any time

EEA/UK Customers (GDPR / UK GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local Data Protection Authority

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights
  • Right to correct inaccurate personal information

Canadian Customers (PIPEDA)

  • Right to access your personal information
  • Right to challenge accuracy and have it amended
  • Right to withdraw consent (subject to legal obligations)

Australian Customers (Privacy Act 1988)

  • Right to access and correct your personal information
  • Right to complain to the OAIC if unsatisfied

8. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately.

9. Security

We implement industry-standard security measures, including TLS encryption, secure cloud infrastructure, and access controls. However, no method of transmission over the Internet is 100% secure.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice on our website or emailing you.

11. Contact

For privacy-related inquiries or to exercise your rights:

EEA/UK residents may also contact your local Data Protection Authority. California residents may call our toll-free privacy line (details available upon request).