VibeTriage

Premium human QA

Sign up

Privacy policy

Privacy policy

This policy explains what personal information VibeTriage collects, how it is used, when it is disclosed, and what rights and choices may apply.

VibeTriage Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy explains how VibeTriage LLC, a company organized under the laws of the State of North Carolina, United States, doing business as VibeTriage (“VibeTriage,” “we,” “us,” or “our”), collects, uses, discloses, and otherwise processes personal information when you:

  • visit https://vibetriage.io or any related pages, forms, portals, or reports we operate;
  • request information, join a waitlist, book a call, or otherwise communicate with us;
  • purchase, receive, or use our services; or
  • interact with us as a customer, prospective customer, referral source, vendor, or other business contact.

This Privacy Policy is intended for a business-to-business service that helps teams test staging builds and pre-release software and receive triaged bug reports, recordings, and related quality-assurance output. It does not apply to third-party websites, applications, platforms, or services that we do not control, even if they are linked from our Site or used in connection with a project.

1. Scope and Privacy Roles

1.1 When this Policy applies

This Privacy Policy applies to personal information we collect and process for our own business purposes, including information about:

  • website visitors;
  • leads, waitlist signups, and people who request calls or proposals;
  • customers and their personnel;
  • agency representatives, client representatives, and project collaborators;
  • vendors and advisors; and
  • individuals who communicate with us.

1.2 Customer Testing Data

In connection with our services, customers may provide or make available staging URLs, app builds, test accounts, credentials, seed data, logs, screenshots, recordings, issue-tracker access, and other materials. This may include personal information that appears inside a customer-designated testing environment. In this Privacy Policy, we refer to that category broadly as “Customer Testing Data.”

1.3 Controller / Business role for our own operations

When we collect personal information for our own sales, marketing, contracting, billing, website operations, vendor management, security, and internal administration, VibeTriage acts as the controller or business responsible for that processing.

1.4 Processor / Service Provider role for customer-authorized testing

When we access or process Customer Testing Data on behalf of a customer in order to perform testing, document bugs, or deliver reports, we generally act as a processor or service provider under applicable law, and the customer controls the purposes and scope of that processing.

Our customers are responsible for deciding what environments and data to place in scope, and for ensuring that they have any notices, permissions, and consents required to authorize our access.

1.5 If you are an end user of a customer’s app or site

If your personal information appears in an application, website, or workflow that we test for one of our customers, please direct privacy requests to that customer first. We may not be able to respond directly to your request where we process the relevant information only on the customer’s behalf.

1.6 Separate contracts

If you are a customer and we have a separate order form, non-disclosure agreement, or data processing addendum with you, that agreement may supplement this Privacy Policy for Customer Testing Data. Customers who require a separate data processing addendum or additional privacy terms should contact us at inquiries@vibetriage.io.

2. Personal Information We Collect

We collect personal information from several sources and at different points in the customer lifecycle.

2.1 Information you provide directly

Depending on your relationship with us, you may provide the following categories of personal information:

  • Contact and professional information, such as your name, work email address, phone number, company name, job title, country, and role.
  • Lead and qualification information, such as details you submit through contact forms, waitlists, intake questionnaires, and sales calls, including launch timing, software type, platform, shipping frequency, current QA pain points, tools used by your team, and fit or qualification information.
  • Account and contract information, such as billing contacts, login credentials for our portals (if any), order information, signed agreements, and project contacts.
  • Payment and transaction information, such as billing address, invoice details, tax information, transaction history, and limited payment metadata. Full payment card information is typically collected and processed by our payment processors rather than stored by us.
  • Customer Testing Data, such as staging links, app builds, install files, test credentials, feature flags, test instructions, seed data, screenshots, recordings, and supporting documentation you choose to provide or make accessible to us.
  • Communications and support content, such as emails, chat messages, meeting notes, attachments, support requests, and feedback.
  • Referral or partnership information, such as details shared by a referral source or partner when introducing a potential customer or project.

2.2 Information we create or collect during service delivery

When we perform testing and quality-assurance work, we may create or collect:

  • Bug reports and triage output, such as reproduction steps, severity and priority labels, summaries, ticket-ready descriptions, comments, and verification notes.
  • Evidence and artifacts, such as screenshots, screen recordings, logs, console output, network traces, crash details, issue timestamps, app version information, and notes taken during testing.
  • Device, browser, and environment metadata, such as operating system, browser type, browser version, device model, screen size, locale, time zone, network type, and approximate geolocation inferred from IP address.
  • Collaboration metadata, such as issue-tracker identifiers, assignee names, ticket links, comments, status changes, and related metadata in tools such as Linear, Jira, GitHub, Slack, or similar platforms if you direct us to use them.
  • Quality-control and review records, such as internal review notes used to standardize reports, maintain consistency, and improve service quality.

2.3 Information collected automatically on our Site

When you use our Site, we or our service providers may automatically collect certain information, including:

  • IP address and general location derived from IP;
  • browser type, browser version, operating system, device identifiers, and language settings;
  • pages viewed, features used, referring URLs, links clicked, and session timestamps;
  • cookie identifiers, local storage data, and similar technical data; and
  • analytics or diagnostic information used to understand traffic, performance, and engagement.

2.4 Information from third parties

We may receive personal information from third parties, including:

  • payment processors, scheduling providers, communications providers, analytics providers, hosting providers, and other service providers;
  • your employer, agency, client, or project collaborators;
  • referral partners or co-marketing partners;
  • publicly available professional sources such as company websites, app store pages, business directories, and professional networking profiles, where permitted by law and used for business development or relationship management; and
  • third-party tools or systems that you ask us to connect to or use during a project.

3. Sensitive Data, Customer App Data, and Minimization

3.1 Use staging environments where possible

Because VibeTriage tests software flows, some projects may involve authenticated environments, test accounts, or data visible inside customer applications. We ask customers to use staging or non-production environments and dedicated test accounts whenever reasonably possible.

3.2 Please do not send unnecessary sensitive data

Unless strictly necessary for an agreed project and lawfully authorized, please do not send or expose to us:

  • government-issued identifiers;
  • full payment card numbers;
  • live bank account credentials;
  • full medical or health records;
  • information about children;
  • highly sensitive communications content; or
  • other sensitive personal information that is not reasonably necessary for testing.

3.3 If sensitive data appears in scope

If a customer authorizes us to test a flow or environment that contains sensitive personal information, log-in credentials, financial data, health-related information, location information, or other sensitive content, we process that information only to the extent reasonably necessary to provide the services, document findings, maintain security, comply with law, and enforce our agreements.

3.4 Customer responsibility for scope selection

Customers are responsible for determining what data and environments are placed in scope and for ensuring that they are authorized to share that data with us.

3.5 Our use limitations for Customer Testing Data

Unless we clearly disclose otherwise and obtain any required permissions:

  • we do not use Customer Testing Data for public marketing;
  • we do not sell Customer Testing Data; and
  • we do not use Customer Testing Data to train public, open, or customer-external generative AI models without the customer’s explicit written permission.

We may, however, use de-identified or aggregated information that does not identify you, your company, or any individual to improve our workflows, device coverage planning, report quality, defect taxonomies, and internal service operations.

4. How We Use Personal Information

We may use personal information for the following purposes:

  1. To operate our Site and business.

This includes running our website, forms, intake flows, dashboards, and related business systems.

  1. To respond to inquiries and manage sales.

This includes answering questions, booking calls, qualifying leads, preparing proposals, and communicating about our services.

  1. To provide the Services.

This includes testing websites and apps, reproducing issues, capturing evidence, preparing reports, verifying findings, coordinating retests, and delivering outputs to customers or customer-designated systems.

  1. To manage customer relationships.

This includes account administration, onboarding, support, service communications, renewals, billing contacts, and customer success activities.

  1. To process payments and maintain records.

This includes invoicing, accounting, tax compliance, fraud prevention, collections, and financial audits.

  1. To secure our systems and the Services.

This includes access control, monitoring, logging, abuse prevention, troubleshooting, incident detection, and business continuity.

  1. To maintain report quality and service consistency.

This includes internal review by authorized personnel, workflow standardization, training of reviewers, and quality assurance.

  1. To improve our Site, service delivery, and internal tools.

This includes analytics, diagnostics, process improvement, service planning, and the use of de-identified or aggregated learnings.

  1. To send service-related and marketing communications.

This includes updates, confirmations, invoices, product or service announcements, and, where permitted by law, marketing or outreach communications. You may opt out of marketing communications at any time.

  1. To comply with law and protect rights.

This includes complying with legal obligations, responding to lawful requests, preventing misuse, enforcing contracts, and protecting our rights, customers, personnel, and systems.

  1. To support corporate events.

This includes due diligence, financing, audits, restructuring, or actual or proposed mergers, acquisitions, or asset sales.

4.1 No solely automated decisions with legal or similarly significant effects

We do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects about individuals.

5. Legal Bases for EEA and UK Personal Information

If the GDPR, UK GDPR, or similar laws apply to our processing of your personal information, we rely on one or more of the following legal bases:

  • Contract. To take steps at your request before entering into a contract, and to perform our contract with you or your organization.
  • Legitimate interests. To operate and improve our business, respond to inquiries, provide a secure and reliable service, maintain quality control, prevent fraud, conduct proportionate business-to-business marketing, and protect our legal rights.
  • Consent. Where required by law, such as for certain non-essential cookies or certain marketing activities.
  • Legal obligation. To comply with applicable laws, regulations, court orders, tax obligations, and lawful requests.
  • Vital interests. In the rare event processing is necessary to protect someone’s vital interests.

Where we rely on consent, you may withdraw it at any time, although withdrawal will not affect the lawfulness of processing before withdrawal.

6. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

6.1 Authorized personnel and affiliated support resources

We may disclose personal information to our employees, affiliates, reviewers, and authorized contractors who need the information to perform their job responsibilities, maintain quality, or support our business operations. This may include authorized testing and review personnel located in Kenya or other jurisdictions.

6.2 Service providers and subprocessors

We may disclose personal information to vendors and service providers that support our operations, such as providers of:

  • cloud hosting and storage;
  • email and communications;
  • scheduling and video conferencing;
  • payment processing and invoicing;
  • analytics and diagnostics;
  • customer support, ticketing, and collaboration tools;
  • security and fraud prevention;
  • device, browser, or testing infrastructure; and
  • professional services such as legal, accounting, and insurance support.

These parties are authorized to process personal information only for the services they provide to us or as otherwise permitted by law.

6.3 Customers and customer-designated collaborators

If you are part of a customer project, we may disclose relevant information to:

  • the customer that purchased the services;
  • the customer’s agency, client, or designated collaborators;
  • the issue trackers, repositories, chat channels, and platforms the customer asks us to use; and
  • other persons or systems the customer authorizes for project delivery.

6.4 Public authorities and legal processes

We may disclose personal information where required to do so by law or where we reasonably believe disclosure is necessary to:

  • comply with a subpoena, court order, law, regulation, or lawful request;
  • protect the security or integrity of our systems or services;
  • investigate fraud, abuse, or violations of our agreements; or
  • protect the rights, property, or safety of VibeTriage, our customers, or others.

6.5 Corporate transactions

We may disclose personal information in connection with an actual or proposed financing, merger, acquisition, reorganization, asset sale, bankruptcy, or similar corporate event.

6.6 With your direction or consent

We may disclose personal information where you instruct us to do so or where you have otherwise consented.

6.7 Sale, sharing, and targeted advertising statement

We do not sell Customer Testing Data. We do not share Customer Testing Data for cross-context behavioral advertising.

We do not knowingly disclose website visitor or business contact personal information to third parties for their own direct marketing purposes. If we later use advertising or remarketing technologies in a way that applicable law treats as a “sale,” “sharing,” or “targeted advertising,” we will update this Privacy Policy and provide any notice or opt-out mechanisms required by law.

7. Cookies and Similar Technologies

7.1 Types of technologies we may use

We and our service providers may use cookies, pixels, tags, SDKs, local storage, and similar technologies for the following purposes:

  • Strictly necessary / functional technologies to operate the Site, maintain security, and remember settings;
  • Analytics / performance technologies to understand traffic, diagnose issues, and improve the Site;
  • Preference technologies to remember user choices; and
  • Campaign measurement or advertising-related technologies, where used, to understand the effectiveness of outreach or marketing.

7.2 Your choices

You can usually control cookies through your browser or device settings. If we use a cookie banner or preference center, you may use those tools to manage non-essential cookies.

7.3 Global Privacy Control and similar signals

Where required by applicable law and technically supported, we will process recognized opt-out preference signals, such as Global Privacy Control, for the browser or device from which the signal is sent in relation to sale, sharing, or targeted-advertising processing covered by applicable law.

7.4 Do Not Track

Because “Do Not Track” signals have not been uniformly adopted as a standard, our Site may not respond to them unless required by applicable law.

8. International Data Transfers

VibeTriage may process personal information in the United States, Kenya, and other countries where we or our service providers operate. Those countries may have data protection laws that differ from the laws of your jurisdiction.

When required by applicable law, we use appropriate safeguards for cross-border transfers, such as contractual commitments or other lawful transfer mechanisms. To request more information about the safeguards we use where required, contact us at inquiries@vibetriage.io.

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, resolve disputes, enforce agreements, comply with law, and protect our systems.

Our typical retention approach is as follows, unless a longer or shorter period is required by law or agreed in writing with a customer:

| Data Type | Typical Retention Approach | | --- | --- | | Lead, inquiry, and waitlist information | Up to 24 months after the last meaningful interaction, unless a longer period is needed for legal, compliance, or suppression-list purposes | | Customer account, contract, billing, tax, and invoice records | During the customer relationship and typically for 7 years afterward | | Payment-related records we maintain | Typically 7 years, while payment processors may retain their own records under their policies and legal obligations | | Temporary test credentials and temporary access information | Deleted, revoked, or disabled when no longer needed, and ordinarily within 30 days after project completion unless legal, security, backup, or contractual needs require longer retention | | Raw testing artifacts such as temporary workspaces, screen recordings, screenshots, logs, and install files | Ordinarily up to 90 days after project completion or termination, unless longer retention is required by law, for security or dispute reasons, or under a separate written agreement | | Deliverables, project summaries, issue history, and customer communications | During the relationship and typically for up to 7 years afterward, except to the extent data remains in customer-controlled third-party systems | | Website logs and analytics records | Typically up to 12 months, unless needed longer for security or diagnostics | | De-identified or aggregated information | May be retained longer because it no longer identifies an individual |

Retention periods may be extended where reasonably necessary to respond to legal claims, investigate incidents, enforce agreements, comply with litigation holds, or maintain appropriate backups.

10. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. These measures may include access controls, confidentiality obligations, least-privilege access, project scoping, logging, secure communications, and vendor management.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Customers can help reduce privacy and security risk by:

  • providing staging rather than production environments where possible;
  • using dedicated test accounts rather than live end-user accounts;
  • minimizing unnecessary personal data in the testing environment; and
  • revoking temporary credentials when a project is complete.

11. Your Rights and Choices

11.1 Marketing communications

You can opt out of promotional emails by using the unsubscribe link in the message or by contacting us at inquiries@vibetriage.io. Even if you opt out of marketing messages, we may still send you transactional or service-related communications.

11.2 Updating information

If you believe information we hold about you is inaccurate or incomplete, you may contact us and request that we correct or update it.

11.3 U.S. state privacy rights

Depending on where you live and subject to applicable law, you may have rights to:

  • confirm whether we process your personal information;
  • access or obtain a copy of your personal information;
  • correct inaccurate personal information;
  • delete personal information;
  • receive a portable copy of certain personal information;
  • opt out of certain processing for targeted advertising, sale, or certain profiling; and
  • appeal a denial of your request.

We will not unlawfully discriminate against you for exercising applicable privacy rights.

If we hold the relevant information only as a processor or service provider on behalf of a customer, we may direct your request to that customer or ask you to contact the customer directly.

11.4 How to submit a privacy rights request

To submit a request, email us at inquiries@vibetriage.io with the subject line “Privacy Request.” We may also make additional request methods available through the Site, billing portal, or account portal. Please describe your request and provide enough information for us to verify your identity or authority.

If you are an authorized agent acting on someone else’s behalf, we may require proof of your authority and may also need to verify the identity of the individual whose information is the subject of the request.

11.5 Appeal process

If we deny your request, you may appeal that decision by emailing inquiries@vibetriage.io with the subject line “Privacy Appeal” within 30 days after the denial. We will review and respond within the time required by applicable law. Where required, we will also tell you how to contact the relevant state attorney general or regulator if your appeal is denied.

11.6 California-specific notes

California residents may have rights to know, delete, correct, opt out of sale or sharing, and limit certain uses of sensitive personal information, subject to exceptions and applicable thresholds.

We do not use or disclose sensitive personal information to infer characteristics about individuals. Instead, we use sensitive personal information only as reasonably necessary to provide the Services, authenticate access, maintain security, prevent fraud, comply with law, and for other permitted business purposes.

11.7 EEA / UK rights

If the GDPR, UK GDPR, or similar laws apply, you may have the right to:

  • access your personal information;
  • rectify inaccurate personal information;
  • erase your personal information in certain circumstances;
  • restrict certain processing;
  • object to certain processing;
  • receive a portable copy of certain personal information;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with your local supervisory authority or the UK Information Commissioner’s Office, as applicable.

12. Supplemental U.S. State Privacy Disclosures

This section is intended to provide additional transparency for U.S. residents, including California residents. Not every category below applies to every person. The exact categories we collect depend on how you interact with us.

| Category of Personal Information | Examples | Sources | Business / Commercial Purposes | Categories of Recipients | | --- | --- | --- | --- | --- | | Identifiers and contact information | Name, work email, phone number, company, address, account identifiers | You, your employer, referral sources, public professional sources, service providers | Sales, onboarding, account management, support, communications, security, legal compliance | Service providers, customers and collaborators, advisors, authorities | | Professional or commercial information | Job title, company role, project details, order history, subscription or service tier, billing contact details | You, your organization, payment or billing providers | Contracting, service delivery, billing, support, relationship management, audits | Service providers, customers and collaborators, advisors, authorities | | Internet or network activity information | IP address, browser and device data, Site usage, cookie data, referral URL, session activity | Your browser or device, analytics or hosting providers | Site operation, analytics, diagnostics, security, campaign measurement | Hosting, analytics, diagnostics, security providers | | Customer Testing Data and related account data | Staging URLs, builds, credentials, test accounts, feature flags, logs, issue-tracker data, bug reports, notes | Customers, customer-designated systems, project collaborators, our testing activity | Service delivery, evidence capture, report preparation, retesting, support, security, de-identified improvement | Authorized personnel, service providers, customers and collaborators, issue-tracker tools, advisors if needed | | Audio, visual, and electronic information | Screenshots, screen recordings, meeting recordings, call notes, chat transcripts, attachments | You, customers, customer-designated systems, our testing activity | Bug documentation, support, quality review, delivery of reports, legal compliance | Authorized personnel, service providers, customers and collaborators, advisors, authorities | | Financial and transaction information | Invoices, payment status, billing address, tax information, limited payment metadata | You, payment processors, accounting systems | Billing, accounting, fraud prevention, tax compliance, audits, collections | Payment processors, accounting providers, advisors, authorities | | Sensitive personal information | Account credentials, log-in information, contents of in-scope app flows that may reveal sensitive details, precise location if present in a tested flow | You, customers, customer-designated systems | Authentication, secure service delivery, bug reproduction, incident response, legal compliance, other permitted purposes | Authorized personnel, necessary service providers, customers and collaborators, advisors or authorities when required |

12.1 Sources

We collect personal information from you directly, automatically through your devices and browsers, from our service providers, from your employer or project collaborators, from referral sources, and from publicly available professional sources where permitted by law.

12.2 Retention

We retain personal information as described in the Data Retention section above.

12.3 Sensitive personal information

We do not use sensitive personal information to infer characteristics about consumers. We use it only as reasonably necessary for permitted purposes such as providing the Services, authenticating users, securing systems, detecting fraud, and complying with law.

13. Third-Party Services and Links

Our Site, deliverables, or communications may include links to third-party websites, app stores, issue trackers, repositories, collaboration tools, or payment pages that we do not control. Their privacy practices are governed by their own policies and terms.

If you interact with a customer-controlled platform, issue tracker, or communication channel that we use to deliver a project, that platform’s operator may independently collect and process information under its own privacy policy.

14. Children’s Privacy

Our Site and Services are designed for business users and are not directed to children under 13. We do not knowingly collect personal information directly from children under 13 for our own business purposes. If you believe a child has provided personal information to us directly, contact us at inquiries@vibetriage.io so we can review and take appropriate action.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, practices, technology, legal obligations, or other operational needs. When we do, we will update the “Last Updated” date above. If changes are material, we may provide additional notice where required by law.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact:

VibeTriage LLC
d/b/a VibeTriage
Morrisville, NC, USA
inquiries@vibetriage.io

For privacy requests and appeals, use: inquiries@vibetriage.io