Privacy Policy

Vibe Coding Basics LLC ("Vibe Coding Basics," "we," "us," or "our") is a small studio that designs and builds custom apps, websites, and AI workflow integrations for founders and small teams. This Privacy Policy explains what information we collect, how we use it, and what choices you have.

This policy covers two situations:

• Visitors and prospects: people who browse the site, submit the contact form, or sign up for the "Field Notes" mailing list.
• Active clients: companies and individuals who hire us for a project. During an engagement we typically receive business contact information, project briefs, source code, design assets, and access credentials needed to do the work.

The contractual terms that govern an active engagement are in our Terms of Service; this policy describes how we handle the data side of that relationship.

When you visit this site we collect:

• Contact form submissions: the name, email, and message you submit. These are forwarded to us by email through Resend; we do not run our own database storing them.
• "Field Notes" signups: the email address (and the optional "what are you working on" field) you submit on the lead form. The submission is forwarded to our internal email or CRM tool so we can send the notes you signed up for.
• Google Analytics records aggregate web traffic data such as pages viewed, approximate location (city level), device and browser, and referring site, using a randomly assigned identifier and cookies. We do not use it for ad targeting.
• Vercel Analytics records anonymized page-view counts and basic performance metrics. It does not use cookies and does not assign a persistent visitor identifier.
• Server logs: our hosting provider (Vercel) keeps short-term request logs that include IP address, timestamp, and the URL you requested. These are used for security and debugging.

When you hire us for a project, we typically receive:

• Business contact information for you and any people on your team we work with directly.
• Project materials you share with us: briefs, designs, copy, brand assets, existing source code, and supporting documents.
• Access credentials we need to do the work: repository access, hosting accounts, third-party API keys, and similar. We use credential-sharing tools (like 1Password) where practical; we never request a password we do not need.
• End-user data, if applicable. If a project requires us to handle data belonging to your end users (for example, when migrating a database or wiring up authentication), we treat it as confidential and use it only to deliver the engagement. If your end-user data is subject to GDPR, CCPA, HIPAA, or similar regulation, we will discuss with you whether an appropriate data processing addendum is required before handling it.

We use the information above to:

• Respond to inquiries and send proposals
• Deliver and maintain projects we have been hired to build
• Send occasional "Field Notes" emails to people who explicitly subscribed
• Operate, secure, and improve the site itself
• Comply with legal obligations (tax records, court orders, and similar)

We do not sell personal information. We do not share personal information with third parties for their own marketing.

For visitors and prospects in jurisdictions that require a stated legal basis (such as the EU and UK under GDPR), we rely on:

• Consent for the "Field Notes" mailing list (you opt in by submitting the form).
• Legitimate interest for handling contact form submissions, running basic analytics, and protecting the site from abuse. If you are in a jurisdiction that requires explicit consent before analytics cookies are set, you can block them in your browser settings or with an ad blocker.
• Contract for handling client information needed to deliver an engagement.
• Legal obligation where required (for example, retaining invoices for tax purposes).

We rely on a small set of vendors to run the site and our business. Each one has its own privacy policy, linked below.

• Vercel hosts the site and processes server logs and Vercel Analytics data. Vercel Privacy Policy
• Resend delivers contact form messages to our inbox. They process the name, email, and message you submit. Resend Privacy Policy
• Google Analytics records aggregate site usage data. Google Privacy Policy. You can opt out via the Google Analytics opt-out browser add-on or by using a browser that blocks analytics scripts.

We also use Namecheap as our domain registrar. Namecheap does not receive site visitor data, but it does process the registrant information for the domain itself. Namecheap Privacy Policy

During a paid engagement we may also use task tracking, file sharing, and source control tools (for example, Notion, Linear, GitHub, Figma, Loom). The specific tools used on a project are listed in the Statement of Work.

Google Analytics sets a small number of cookies to recognize repeat visitors and measure traffic. These cookies are not used for advertising or cross-site tracking. Vercel Analytics is cookieless. You can clear or block analytics cookies at any time in your browser settings or with a content blocker.

We keep different categories of data for different periods.

• Contact form messages: kept in our inbox indefinitely unless you ask us to delete them.
• "Field Notes" subscriptions: kept until you unsubscribe.
• Analytics data: retained per the default settings of the analytics provider (typically 14 to 26 months).
• Server logs: short-term, per Vercel's defaults.
• Client project materials and credentials: kept for the duration of the engagement and then archived for a reasonable period for support and legal needs. Credentials we no longer need are deleted promptly.
• Invoices and tax records: retained for the period required by applicable tax law.

Depending on where you live (notably under GDPR, UK GDPR, CCPA, and similar laws) you may have the right to:

• Ask what personal information we hold about you
• Ask us to correct inaccurate information
• Ask us to delete information we no longer have a reason to keep
• Receive a copy of your information in a portable format
• Object to or restrict certain processing
• Opt out of analytics or marketing emails at any time

To exercise any of these, email dominic@vibecodebootcamp.net. We respond within 30 days. We do not charge a fee for reasonable requests.

We are based in the United States and the service providers listed above are also primarily US-based. If you submit information from outside the United States, you understand that the information will be transferred to and processed in the United States, which has different data protection laws than your home country.

This site and our services are intended for adults running businesses or building products. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

The site is served over HTTPS. Server-side environment secrets are stored in our hosting provider's encrypted vault. Client credentials we receive during engagements are stored in a password manager and are deleted when the engagement ends. No system is perfectly secure. If we ever experience a security incident affecting your information we will tell you about it as quickly as we reasonably can, and in any event within the timeframe required by applicable law.

We will update this policy from time to time. The "Last updated" date at the top reflects the most recent material change. For significant changes that affect how we handle existing client data, we will give clients reasonable advance notice by email.

Questions, requests, or concerns about this policy: dominic@vibecodebootcamp.net.