Privacy Notice

1. Scope

This Privacy Notice describes how Tethral, Inc. ("Tethral," "we," "our," or "us") collects, uses, and protects information in connection with Vibepay.io ("Vibepay"). This Notice applies to Users who create or use payment links via Vibepay, and to Buyers who pay via Stripe checkout initiated by a Vibepay link.

Vibepay is directed primarily to users located in the United States and is not designed to target or monitor individuals in the European Economic Area or the United Kingdom.

2. Information We Collect

2.1 Information You Provide to Stripe

When you use Vibepay, you will be required to connect or create a Stripe account. All payment and identity information requested by Stripe is collected and processed directly by Stripe under the Stripe Services Agreement. Vibepay does not receive or store full payment card numbers, bank account numbers, or government ID documents.

2.2 Metadata We Receive from Stripe

Through Stripe's APIs and webhooks, Vibepay may receive limited metadata, which may include:

• A unique Stripe account ID associated with the Seller.
• Transaction identifiers and status (for example: succeeded, pending, failed, refunded, disputed).
• Timestamps and amounts for payments.
• Basic information attached to the Stripe charge, such as currency, amount, and descriptor.

2.3 Service Metadata

When you use Vibepay, we may process:

• Payment link identifiers.
• Internal routing logic flags (for example: whether a payment flag has been set to "paid").
• Basic technical logs, such as date and time of link usage, IP address, and basic browser or device information, to the extent necessary for security and service operation.

2.4 Communications

If you email us (for example, for legal or support reasons), we collect your email address and any information you include in your message.

3. Information We Do Not Intentionally Collect or Store

3.1 Vibepay does not host or store the digital goods or files that Sellers provide to Buyers. These may include photos, videos, PDFs, code, documents, or websites. Those are stored and delivered by Sellers using their own infrastructure or third-party services.

3.2 Vibepay does not knowingly receive or store:

• The contents of files delivered by Sellers.
• Payment card numbers, CVV codes, or full bank account numbers.
• Government ID scans or biometric data.

3.3 Because we do not host or store your files, we cannot access, decrypt, or restore your content if it is lost or misconfigured elsewhere.

4. How We Use Information

We use the limited information we collect to:

• Operate and maintain Vibepay, including routing payment-trigger logic and verifying payment success with Stripe.
• Communicate with Users about service-related matters, such as support and legal notices.
• Monitor for security, fraud, and abuse, including repeated misuse of links or patterns that indicate high risk.
• Comply with legal, regulatory, and law enforcement obligations, to the extent applicable and technically feasible.
• Improve the reliability and performance of Vibepay.

We do not use collected information for behavioral advertising or cross-site tracking.

5. Cookies and Tracking Technologies

5.1 Essential Cookies

Vibepay uses only essential cookies and similar technologies necessary to operate the site, maintain session state, and enable secure checkout via Stripe.

5.2 No Advertising Cookies

We do not use third-party advertising cookies, retargeting pixels, or social media tracking pixels for targeted advertising.

5.3 Stripe Cookies

Stripe may use its own cookies and tracking technologies on the checkout pages it hosts. Those are governed by Stripe's own privacy and cookie policies.

6. Legal Bases (Where Applicable)

Although Vibepay is primarily directed to users in the United States and is not designed to target EU or UK residents, if and to the extent that EU or UK data protection laws apply, our legal bases for processing limited personal data may include:

• Performance of a contract (providing Vibepay services).
• Legitimate interests (fraud prevention, security, and service reliability).
• Compliance with legal obligations.

7. CCPA / CPRA Disclosures (California)

7.1 Categories of Personal Information

Under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the limited information that Vibepay may process could fall under:

• Identifiers (such as an email address used to contact us, or IP address in security logs).
• Internet or other network activity information (such as logs of link usage and timestamps).

7.2 We Do Not Sell or Share Personal Information

Vibepay does not sell personal information and does not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

7.3 California Consumer Rights

Because Vibepay processes minimal personal information and does not maintain a consumer profile in the usual sense, some CCPA rights (such as access and deletion) may be limited in practice. However, you may still contact vibepay_privacy@tethral.ai to ask whether we maintain any personal information about you and to request deletion of data that can reasonably be associated with you.

8. International Use and GDPR

8.1 Vibepay is primarily directed to users in the United States and is not specifically offered to individuals in the European Economic Area or the United Kingdom.

8.2 Vibepay does not systematically monitor the behavior of individuals in the EEA or UK in a way that is intended to trigger GDPR's extraterritorial provisions. If you are located in the EEA or UK, you should understand that Vibepay is not tailored to comply with all local requirements.

8.3 If we ever expand to offer localized services to EU or UK residents, we may adopt additional GDPR-specific documentation and safeguards at that time.

9. Data Retention

9.1 Vibepay retains limited metadata (for example, logs and Stripe transaction status) only as long as reasonably necessary for:

• Providing the service.
• Security and fraud prevention.
• Recordkeeping for legal or accounting obligations.

9.2 As a general guideline, we aim to retain most operational logs for no longer than approximately ninety (90) days, unless a longer retention period is required for security, legal, or compliance reasons.

9.3 Stripe and other third-party providers may have their own retention schedules, which are independent of Vibepay.

10. Data Security

10.1 We use reasonable administrative, technical, and organizational measures to safeguard the limited metadata we process. However, no method of transmission or storage is perfectly secure.

10.2 Because we do not store your files or see your payment card data, those security obligations are largely governed by your own hosting infrastructure and by Stripe's security measures.

11. Law Enforcement and Legal Requests

11.1 Tethral responds to valid legal process, such as subpoenas or court orders, to the extent required by law and to the extent technically feasible.

11.2 Our ability to respond is limited by the data we actually possess. We cannot provide file contents, detailed buyer identities, or payment card data that we never collect or store.

11.3 In the event of a legal request, we may disclose basic metadata if it can be reliably associated with an identifiable User and if disclosure is required by law.

12. Children's Privacy

12.1 Vibepay is not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from minors.

12.2 If we become aware that information has been collected from a minor in violation of this policy, we will take reasonable steps to delete it.

13. Your Choices and Rights

13.1 Because Vibepay processes minimal personal data, your main choices are:

• Whether to use Vibepay at all.
• Whether to connect a Stripe account.
• Whether to contact us for support or legal matters.

13.2 You may contact vibepay_privacy@tethral.ai to:

• Ask what information we may have that relates to you.
• Request correction of inaccurate contact information you provided.
• Request deletion of data that can reasonably be linked to you, subject to our legal obligations and technical capabilities.

14. Changes to this Privacy Notice

14.1 We may update this Privacy Notice from time to time. When we do, we will update the Effective Date at the top.

14.2 Material changes may be communicated via the Vibepay site or by email where appropriate.

15. Contact Information

For privacy inquiries or data subject requests, you may contact:

For legal notices, including subpoenas:

16. ANNEX A – Data Processing Addendum (Summary)

This Annex summarizes Vibepay's data processing role for business Users who may have obligations under data protection law.

16.1 Roles of the Parties

Tethral operates Vibepay in a limited capacity and primarily processes:

• Metadata about payment links and transactions.
• Log data for service operation and security.

Stripe acts as the primary payment processor and is a separate data controller or processor in its own right.

16.2 Scope of Processing

Tethral's processing is limited to:

• Routing payment metadata between Vibepay and Stripe.
• Maintaining logs and records for service integrity, security, and compliance.

Tethral does not process payment card details, full buyer profiles, or the content of digital files delivered by Sellers.

16.3 Subprocessors

Tethral may use basic infrastructure providers (for example, cloud hosting services) as subprocessors for metadata, subject to reasonable confidentiality and security requirements.

16.4 Security

Tethral will implement appropriate technical and organizational measures to protect metadata from unauthorized access or disclosure.

16.5 Assistance

Where reasonably possible and legally required, Tethral will provide assistance to business Users in responding to data subject requests, subject to the strict limitation of data that Tethral actually possesses.