Legal

Privacy Policy

Last updated: 2026-03-22

This Privacy Policy explains how VibeMile ("we", "us", "our") collects, uses, and protects your information when you use our platform, website, or related services. It is a general overview and does not constitute legal advice.

1. Who we are

VibeMile is an embeddable AI agent runtime that enables SaaS companies to offer AI-powered workflow creation to their end-users. The service is operated by SIA "OffBeat IT", a company registered in Latvia (registration No. 40203503379). For the purposes of data protection laws (such as GDPR in the EU/EEA), SIA "OffBeat IT" is the controller of your personal data when you use our service.

2. Data we collect

We collect the following categories of information when you use VibeMile:

  • Account and contact data: name, email address, company name, and authentication credentials.
  • Usage data: conversations with the AI agent, workflow scripts, uploaded files, execution logs, and interaction history.
  • Billing data: subscription details, usage metrics for metering, and limited billing information processed via our payment provider. We do not store full payment card details.
  • Technical data: IP address, browser and device info, timestamps, and basic log data for security and debugging.

3. How we use your data

We use your information to:

  • Provide the core service: run AI agent sessions, execute workflows in sandboxed environments, and generate outputs.
  • Manage your account, organization, and integrations.
  • Process billing and usage metering for container compute and LLM token consumption.
  • Improve and secure the service, including monitoring for abuse and technical issues.
  • Comply with our legal obligations (e.g. accounting, tax, fraud prevention).

4. Legal bases (for users in the EU/EEA/UK)

Where GDPR or similar laws apply, we process your personal data on the following bases:

  • Contract: to provide the service you have signed up for.
  • Legitimate interests: to run, improve, and protect our service in a way that does not override your rights.
  • Legal obligation: to comply with applicable laws and regulations.
  • Consent: for certain optional features, where we clearly ask you first. You may withdraw such consent at any time.

5. Use of AI and LLM providers

To power the AI agent and workflow creation, we send conversation data and context to third-party large language model (LLM) providers for processing.

  • We share only what is necessary to generate the agent's responses and code (e.g. conversation messages, file metadata).
  • These providers process the data on our behalf in accordance with their own terms and privacy policies.
  • Uploaded files are processed within isolated sandbox environments and are not shared with LLM providers unless necessary for the workflow.
  • We do not use AI outputs to make automated decisions with legal or similarly significant effects about you.

6. Sandboxed execution and data isolation

Workflow code runs in isolated container environments. Each tenant's execution environment is separate from others. Files uploaded for processing are stored temporarily within the sandbox and deleted after workflow completion unless explicitly saved. We use third-party infrastructure providers to host these execution environments.

7. Third-party services

We use the following categories of third-party services:

  • Authentication: identity and access management services for secure login and organization management.
  • LLM providers: for AI-powered code generation and conversational interactions.
  • Sandbox infrastructure: for isolated code execution environments.
  • Hosting & databases: cloud infrastructure for application hosting and data storage.
  • Payment processing: for billing and subscription management.

We aim to work only with providers that follow appropriate security and data protection practices.

8. How we share your data

We do not sell your personal data. We may share your data:

  • With service providers who help us operate the platform (hosting, AI, analytics, payment, support).
  • When required by law, legal process, or to protect our rights, users, or the public.
  • In connection with a merger, acquisition, or other business transaction, subject to appropriate safeguards.

9. Data retention

We keep your personal data only as long as necessary to provide the service and for legitimate business or legal purposes. Conversation history and workflow scripts may be retained while your account is active so that workflows can be re-executed. After you delete your account or we no longer need the data, we will delete or anonymize it within a reasonable period, unless we must keep it longer for legal reasons.

10. International data transfers

Our servers and some of our providers may be located in other countries. If your data is transferred outside your country or region (for example, outside the EU/EEA), we aim to use appropriate safeguards such as standard contractual clauses or equivalent mechanisms as required by law.

11. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data, subject to legal limits.
  • Object to or restrict certain processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent where processing is based on consent.

To exercise your rights, contact us using the details below. We may need to verify your identity before responding.

12. Security

We use reasonable technical and organizational measures to protect your data, including encrypted credential storage, access controls, tenant isolation, and secure sandbox environments. However, no online service can be 100% secure, and we cannot guarantee absolute security of information transmitted over the internet.

13. Children's privacy

VibeMile is a business-to-business service and is not intended for children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children under this age. If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.

14. Cookies and similar technologies

If you visit our website, we may use cookies or similar technologies to operate the site, remember your preferences, and understand usage patterns. You can control cookies through your browser settings or via the cookie preferences on our website.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, inform you via our website or email.

16. Contact us

If you have questions about this Privacy Policy or how we handle your data, you can contact the data controller at:

  • SIA "OffBeat IT"
  • Registration No. 40203503379
  • Country of registration: Latvia
  • Email: support@vibemile.ai

You can also reach us through our contact form.