Skip to content
Vibecode.game Logo Vibecode.game

Privacy Policy

Last updated:

The short version: We collect only what we need to run the platform. We don't sell your data. You can request deletion at any time. Everything is stored securely via Supabase and hosted on Vercel.

01 · Who We Are

vibecode.game is a community hub for discovering and showcasing vibe-coded games — games built with AI-assisted, rapid development workflows. The website and related applications, tools, features, and services (collectively, the "Services") are operated by Yield Guild Games, a Swiss Association ("YGG," "we," "us," or "our").

This Privacy Policy explains how we collect, use, and protect personal information when you use the Services at www.vibecode.game and its subdomains.

02 · Data We Collect

We collect the minimum data necessary to operate the Services:

Data Type What It Includes How Collected
Account Data Email address, display name/username, avatar (optional), password hash, OAuth provider identifier (e.g. Google) Registration, sign-in, or OAuth
Profile Preferences Theme preference (light/dark/system), newsletter subscription status Account settings
Developer Profiles Bio, social links, profile image, slug Developer profile submission form
Game Submissions Game title, description, play URL, screenshots, tags, engine, AI tools used Game draft / submission form
Game Jam Submissions Jam entry details linked to your account Game jam submission flow
Engagement Data Game likes, star ratings, review text, play and share event counts In-app actions when signed in or via anonymous play/share events
Newsletter & Reminders Email address, jam reminder list membership Newsletter signup or jam reminder opt-in
Usage Data Pages visited, clicks, session duration, referrer URL Google Analytics / GTM (when enabled and consented)
Device & Technical Data Browser type, OS, device type, IP address Automatically on visit; IP also used for rate limiting
Communications Name, email, message content when you contact us Contact form
Security Verification Cloudflare Turnstile tokens (transient) Forms, sign-in, and abuse-sensitive actions

Data We Do Not Collect

We do not collect payment information, government IDs, precise geolocation, or sensitive personal data as defined under applicable data protection laws.

03 · How We Use Your Data

We use your data only for the purposes described below:

  • To operate and improve the Services — manage accounts, process game and developer submissions, run game jams, and maintain platform functionality.
  • To communicate with you — respond to support requests, send account-related emails (verification, password reset), deliver jam reminders and go-live notifications, and (where consented) send newsletter updates.
  • To analyze and improve performance — understand how the platform is used and make informed product decisions.
  • To prevent abuse — verify requests with Cloudflare Turnstile, enforce rate limits, and detect spam, fraud, and Terms violations.
  • To comply with legal obligations — respond to lawful requests from authorities where required.

We do not use your data for targeted advertising, sell it to third parties, or use it for any purpose incompatible with these purposes.

04 · Cookies & Tracking

We use cookies and similar technologies to operate the Services. See our Cookie Policy for full details.

Category Purpose Duration
Essential (required) Session management, Supabase authentication tokens Session / up to 30 days
Analytics (optional) Aggregate usage stats via Google Analytics 4 or GTM — no cross-site ad tracking Up to 13 months
Preferences (optional) Cookie consent choices stored in local storage Until cleared

Essential cookies cannot be disabled as they are required for the Services to function. You can manage analytics cookies via the consent banner (when enabled) or your browser settings. We do not use advertising or behavioral profiling cookies.

05 · Third-Party Services

We use a small set of trusted third-party providers to operate the platform. Each processes your data only as necessary for their function:

Supabase — Database, Auth & Storage. Stores user accounts, profiles, game drafts, engagement data, and uploaded media. Hosted on AWS infrastructure. Privacy Policy →

Vercel — Hosting & CDN. Serves the website globally. May process IP addresses and request metadata for routing and edge security. Privacy Policy →

Brevo — Transactional & marketing email. Delivers contact form messages, newsletter subscriptions, jam reminders, and go-live campaign emails. Privacy Policy →

Cloudflare Turnstile — Bot protection on sign-in, contact, newsletter, and engagement endpoints. May process IP address and browser signals. Subject to the Turnstile Privacy Addendum. Cloudflare Privacy Policy →

Google Analytics / Google Tag Manager (optional) — Aggregate website analytics when configured and consented. Privacy Policy →

Sentry (optional, server-side) — Error monitoring for API and server-rendered routes. Events are scrubbed of tokens and credentials before upload. Privacy Policy →

Upstash / Vercel KV (optional) — Distributed rate-limit counters in production. May temporarily store hashed IP-derived keys. Upstash Privacy Policy →

Google Fonts — Used only in outbound email HTML templates (not on the public website). The site itself loads fonts self-hosted via Fontsource with no external font requests. Privacy Policy →

We do not integrate social media pixels, ad networks, or behavioral tracking tools on the website.

06 · Data Sharing

We do not sell, rent, or trade your personal information to any third party, ever.

We share data only in these limited circumstances:

  • With service providers listed above, solely to operate the Services.
  • For legal compliance — when required by law, court order, or legitimate government authority.
  • To protect rights — to enforce our Terms, prevent fraud, or address security incidents.
  • In a business transfer — if the platform is acquired or merged, you will be notified before your data is transferred to new ownership.

07 · Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Services:

  • Account data is retained until you request deletion or we close your account.
  • Game and developer submissions remain while published or in moderation; drafts may be deleted per our retention rules.
  • Usage analytics data is retained in aggregated form for up to 24 months.
  • Communication records (support emails) are kept for up to 2 years.
  • Server logs are purged within 90 days.
  • Rate-limit counters expire automatically per provider TTL settings.

Upon account deletion, your personal information is removed from active systems within 30 days. Anonymized, aggregated data may be retained indefinitely.

08 · Your Rights

You have the following rights regarding your personal data. To exercise any of these, contact us at hello@vibecode.game:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your account and associated personal data.
  • Portability — Receive your data in a machine-readable format.
  • Objection — Object to or restrict how we process your data.
  • Opt-out — Unsubscribe from newsletter or jam reminder emails at any time.

We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

09 · Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse:

  • HTTPS encryption for all data in transit.
  • Row-level security (RLS) policies enforced at the database level via Supabase.
  • Secure, hashed password storage — we never store passwords in plain text.
  • Cloudflare Turnstile on sensitive public endpoints.
  • Distributed rate limiting in production.
  • Sentry event scrubbing to remove tokens and credentials from error reports.

No system is 100% secure. If you discover a potential security issue, please report it responsibly to hello@vibecode.game.

10 · Children's Privacy

The Services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

Users between 13 and 18 years of age should use the Services only with the knowledge and consent of a parent or guardian.

11 · International Transfers

YGG uses infrastructure (Supabase/AWS, Vercel, Brevo, Cloudflare) with servers located in the United States and other regions. By using the Services, you acknowledge that your data may be transferred to and processed in countries outside your own, where data protection laws may differ.

We rely on standard contractual clauses and our providers' data protection commitments to safeguard international transfers.

12 · Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the updatedAt date and, for material changes, notify you via email or a prominent notice on the Services.

We encourage you to review this Policy periodically. Your continued use of the Services after any changes constitutes your acceptance of the updated Policy.

13 · Contact

For any privacy-related requests, questions, or concerns — including data access, correction, or deletion requests — reach us at hello@vibecode.game. We will respond within 30 days.

If you are located in the European Economic Area and believe we have processed your data unlawfully, you have the right to lodge a complaint with your local data protection authority.