1 Who We Are
VibeGyor ("we," "our," "us") is operated by Viraa Technologies. We provide a mobile application that helps creators discover AI-generated content repurposed from publicly available media, and post it to social media platforms of their choice. Our registered contact email is privacy@vibegyor.ai.
2 What We Collect
Account Information
When you sign up we collect your email address and name. Authentication is handled by Clerk, a third-party identity provider. We do not store your password.
Content We Process
VibeGyor aggregates publicly available content from across the internet. We do not own this media. Our AI uses this aggregated content to generate repurposed drafts tailored for different platforms. AI-generated drafts are stored on our servers for up to 30 days, then permanently deleted. We do not store any underlying source media files.
Social Platform OAuth Tokens
When you choose to connect a social platform (X/Twitter, LinkedIn, Instagram, Facebook, Threads, YouTube, TikTok, Reddit), we receive and store an OAuth access token from that platform to publish content on your behalf when you explicitly tap "Post."
Device Information
We collect your device's push notification token (via Expo) to send you job-completion notifications. This token is deleted when you sign out.
Usage Data
We collect basic usage logs (timestamps, API request types, error codes) for debugging and service improvement. These logs do not contain your content or social tokens.
3 How We Use Your Data
| Data | Purpose |
|---|---|
| Email / name | Account creation, authentication, support communications |
| Aggregated public content | Input to AI content generation pipeline |
| AI-generated drafts | Presented to you for review; published only on your explicit instruction |
| OAuth tokens | Publishing content to the connected platform when you tap "Post" |
| Push notification token | Sending job-completion alerts to your device |
| Usage logs | Debugging, performance monitoring, service improvement |
We do not use your content or social tokens for advertising, training AI models, or any purpose beyond the above. We do not sell your data.
4 Social Platform Integrations
When you connect a social account, VibeGyor:
- Stores your OAuth access token and refresh token (encrypted, server-side only).
- Uses the token solely to publish content when you explicitly initiate a post — we never auto-post.
- Does not read your followers, direct messages, contact lists, or any data beyond what is minimally required to complete a post action.
- Will immediately delete the token if you disconnect the platform via Settings → Connected Accounts.
The specific permissions (OAuth scopes) we request from each platform:
| Platform | Permissions requested |
|---|---|
| X / Twitter | tweet.write, tweet.read, users.read, offline.access |
| w_member_social, r_liteprofile, openid, profile | |
| pages_show_list, pages_manage_posts, pages_read_engagement, public_profile | |
| instagram_basic, instagram_content_publish, pages_show_list | |
| Threads | threads_basic, threads_content_publish |
| YouTube | youtube.upload, youtube.force-ssl |
| TikTok | user.info.basic, video.publish |
| submit, read, identity |
5 Data Sharing
We share your data only with:
- Social platform APIs — when you explicitly request a post.
- AWS (Amazon Web Services) — our cloud infrastructure provider. Data is stored in the US (us-east-1).
- Clerk — handles authentication (email/name only).
- Expo — receives your push notification token only. No content or social tokens are shared.
- Anthropic — AI provider powering content generation. Only aggregated source content text is sent; no social tokens or personal identifiers.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
6 Data Retention
| Data type | Retention period |
|---|---|
| OAuth access & refresh tokens | Until you disconnect the platform or delete your account |
| AI job content (generated drafts) | 30 days from creation, then permanently deleted |
| Push notification tokens | Until you sign out |
| Account information (email, name) | Until account deletion |
| Usage logs | 90 days |
7 Security
- OAuth tokens are encrypted with AES-256-GCM before being written to the database.
- All communication uses TLS 1.2 or higher.
- Our database runs on encrypted storage volumes (AWS / Neon PostgreSQL).
- Encryption keys are stored in AWS Secrets Manager, never in source code.
- We conduct periodic access reviews on who can access production systems.
No system is 100% secure. If you suspect your account has been compromised, contact us immediately at privacy@vibegyor.ai.
8 Your Rights and Choices
- Disconnect a social account — tap Settings → Connected Accounts → Disconnect at any time. The token is deleted immediately.
- Delete your account — email privacy@vibegyor.ai and we will delete all your data within 30 days.
- Access your data — request a copy of all data we hold about you by emailing privacy@vibegyor.ai.
- Correct your data — if any information is incorrect, contact us and we will update it.
- Opt out of notifications — turn off notifications in your device settings at any time.
If you are located in the EEA or United Kingdom, you have additional rights under GDPR / UK GDPR, including the right to lodge a complaint with your local data protection authority.
9 Children's Privacy
VibeGyor is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us at privacy@vibegyor.ai and we will delete it promptly.
10 International Data Transfers
VibeGyor is operated from India. Our servers are located in the United States (AWS us-east-1). By using the app, you consent to your data being transferred to and processed in the United States.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app notification and update the "Last updated" date at the top of this page. Your continued use of VibeGyor after the effective date constitutes your acceptance of the changes.
12 Contact Us
For privacy questions, data deletion requests, or any concern about how we handle your information:
Email: privacy@vibegyor.ai
Website: vibegyor.ai
We aim to respond to all privacy enquiries within 5 business days.