V
VBLTY
Legal · Last updated April 27, 2026

Privacy Policy

VBLTY (“we,” “us,” or “our”) operates VBLTY.com (the “Service”) and provides a content-creation and analytics dashboard for social media accounts. This policy describes what information we collect, how we use it, who we share it with, and the rights you have over your data.

1. Information we collect

We collect three categories of information:

a) Account information you provide

  • Name, email, password, billing information you supply during signup or checkout.
  • Brand profile data (handle, brand voice, accent color, niche) you configure inside the dashboard.
  • Content you create or upload (drafts, captions, images, prompts).

b) Connected platform data (Instagram, Facebook, TikTok, X)

When you connect a social-media account through Post-Bridge or authorize VBLTY directly via Meta’s Graph API or equivalent, we collect:

  • Public profile fields: username, profile picture URL, follower count, following count, total post count.
  • Aggregate account insights: 28-day reach, profile views, follower demographics (age range, country, city) when permitted by the platform.
  • Per-post data for posts published from your connected accounts: caption, media URL, permalink, timestamp, likes, comments, saves, shares, reach, impressions, profile visits, total interactions.
  • OAuth access tokens needed to call the platform’s API on your behalf, stored encrypted.

We do not collect direct messages, private stories, or any data behind a follower-only privacy gate. We do not collect data about other users (your followers, commenters) beyond what the platform’s API surfaces in aggregate.

c) Usage data

  • IP address, browser type, device type, pages visited, referring URL, session duration.
  • Cookies and similar tracking technologies (see Section 7).

2. How we use your information

  • Operate the Service: render dashboards, generate content drafts, schedule posts.
  • Show you analytics about your own connected accounts and posts.
  • Authenticate you and process payments.
  • Send service emails (account, billing, security). We do not send marketing email without separate opt-in.
  • Improve the Service via aggregated, de-identified analytics on usage patterns.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information. We do not use connected-platform data to train any AI/ML model. We do not use the data of users who have not signed up for VBLTY.

3. Who we share data with

We share data only with infrastructure subprocessors required to operate the Service. As of April 27, 2026 this list is:

  • Vercel — application hosting and CDN.
  • Supabase — primary database and authentication.
  • Stripe — payment processing.
  • Anthropic (Claude) — caption + content generation. Claude does not retain inputs for training when accessed via API.
  • FAL.ai + OpenAI — image generation. Inputs are processed and not retained for training.
  • Post-Bridge — third-party scheduler that publishes posts to your connected platforms.
  • Resend / Postmark — transactional email delivery (only if used in your tier).

We share data with these subprocessors only to the extent necessary to provide the Service. We do not sell, rent, or otherwise disclose your information to third parties for their own marketing or analytics use.

4. Data retention

  • Account data: retained while your account is active, plus 30 days after deletion to allow recovery.
  • Connected-platform metrics (post insights, follower history): retained for the life of the account so we can show historical growth trends. You may request deletion at any time (see Section 6 and our Data Deletion page).
  • OAuth tokens: rotated automatically; revoked when you disconnect the account or delete your VBLTY account.
  • Backup snapshots: retained 30 days from snapshot date.
  • Logs containing IP addresses: retained 90 days for security and abuse investigation, then deleted or fully anonymized.

5. Security

We use TLS for all traffic in transit and AES-256 (or stronger) for data at rest. OAuth tokens are encrypted with a separate KMS key. Access to production data is restricted to authorized personnel and audited. We follow industry-standard practices but no system is 100% secure; we will notify affected users without undue delay if we become aware of a breach involving their data.

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (see Data Deletion page).
  • Export your data in a machine-readable format.
  • Object to or restrict processing in certain circumstances (GDPR / CCPA / CPRA).
  • Withdraw consent for any processing based on consent.

To exercise these rights email privacy@vblty.com from the email address on your account. We respond within 30 days.

7. Cookies

We use first-party cookies for authentication (session cookies) and to remember your dashboard preferences. We do not use third-party advertising cookies. You can disable cookies in your browser settings; disabling auth cookies will prevent login.

8. Children

VBLTY is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with data, contact privacy@vblty.com and we will delete it.

9. International users

VBLTY is operated from the United States. By using the Service you consent to your data being processed in the U.S. We comply with applicable cross-border transfer requirements (Standard Contractual Clauses for EU/UK users).

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced via dashboard banner and email at least 7 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

VBLTY · privacy@vblty.com