Privacy Policy

1. Our Philosophy

Vibesmithing is built on the belief that your digital life should be private by default. We do not sell your data. We do not use third-party advertising trackers. We do not employ dark patterns. We minimize data collection to only what is necessary to facilitate the platform experience.

Your listening habits will never be sold to advertisers. This is a constitutional principle of the platform.

2. Data We Collect

3. Engagement & The Vibe Reactor

When you engage with a track via the Vibe Reactor, that data is recorded and used for several purposes:

• Art Drip System: Your engagement data (resonance coverage, completion rates, listening frequency) drives which art is offered to you and how quickly. This is processed by automated drip algorithms.
• Artist Analytics: Artists see aggregated, anonymized engagement trends (e.g., “50% of listeners loved this bridge”). For detailed analytics features, some engagement data may be associated with your listener profile if you have explicitly interacted with an artist's community.
• Community Ownership: Engagement events contribute to your value score for community ownership tracking (purchases, tips, patronage, referrals — not listening hours or page views).

4. Third-Party Services

We use the following third-party services to operate the platform. Each receives only the minimum data necessary for its function:

We do not store your full payment information. All payment transactions are handled by Stripe. AI providers (OpenRouter, Replicate) receive prompts and images for processing but do not receive personally identifiable information.

5. Physical Goods & Fulfillment

When you order physical products (prints, apparel, phone cases, canvas, greeting cards) fulfilled by Gelato, we share the necessary fulfillment data: your name, shipping address, and specific artwork/product details. Gelato processes this data according to their own privacy policy.

We retain order history (items, amounts, dates) for your records and artist revenue accounting. Shipping addresses are stored only for order fulfillment and support purposes.

6. AI Art Generation

When artists use our AI art tools:

• Prompts: Text prompts are sent to third-party AI providers (via OpenRouter) for processing. Prompts do not contain personally identifiable information.
• Images: Source images are sent to image processing providers (Replicate, Magnific/Freepik) for upscaling and processing. These images are art assets, not personal photos.
• Credit Usage: We track credit purchases and usage for billing purposes.
• Generated Outputs: AI-generated images are stored in our platform infrastructure (Supabase Storage) and associated with the artist's account.

7. ArtCannon (Relay Network)

The ArtCannon relay network involves unique privacy considerations:

• Relay Operators: Your IP address is visible to peers you serve content to via WebRTC connections. Use of Cloudflare Tunnel (built into ArtCannon) is recommended to mask your IP. You may opt out of relay operation at any time by closing the ArtCannon app.
• Listeners: If you receive content from a relay peer (rather than our CDN), the relay operator can see your IP address. The platform defaults to CDN delivery; peer-to-peer is a transparent optimization. Casual listeners are not exposed unless the platform routes content through relays.
• Cached Content: Copyrighted music and art files are stored on relay operators' local disks as cached files. These files are content-addressed (SHA-256 verified) and managed by the ArtCannon application. Operators should not access, modify, or redistribute these files directly.
• Bandwidth Metrics: We collect bandwidth served, tracks served, unique peers served, and connection metadata from relay nodes for credit calculation and network health monitoring.

8. Radio Listening Data

Radio 2.0 provides curated continuous playback. During radio sessions, we collect:

• Tracks played and listening duration per track
• Radio mode preferences (Full Album, Pearl Diving)
• Skip behavior and engagement signals
• Callout interactions (if applicable)

Radio listening data contributes to your overall engagement profile and may influence art drip selection. It is included in anonymized artist analytics.

9. Community Ownership Data

To facilitate the planned community ownership model, we track value-creating actions:

• Purchase amounts and frequency
• Tips given (amounts, recipients)
• Patronage contributions
• Referral activity and resulting purchases
• Engagement scoring (computed, not raw listening hours)

This data is currently tracked provisionally. When the legal ownership structure is formalized, this tracking will be reconciled with the formal share system.

10. Cookies & Local Storage

We use cookies and local storage for:

• Authentication: Session cookies to keep you logged in (Supabase Auth).
• Cart Persistence: Guest cart data stored via session cookies until login/checkout.
• Audio Caching: Service Workers may cache audio files in your browser for faster repeat playback. This data stays on your device and reduces network traffic.
• Preferences: UI preferences (radio mode, volume, etc.) stored locally.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Data Deletion

You have the “Right to be Forgotten.” You may delete your account and all associated personal data at any time through your account settings. Your account enters a 14-day recovery window before permanent deletion.

Note: Physical order history with Gelato is subject to their own retention policies. Community ownership tracking data will be anonymized upon deletion. AI-generated art created by artists who delete their accounts will be disassociated from the deleted profile.

12. Listening Data Retention

Your listening activity — what you played, when, and your reactions — provides valuable feedback to artists. This data is anonymized and retained as part of artist analytics, even if you delete your account.

We believe this is a fair exchange: artists share their work with you, and your attention becomes part of their story. The aggregated, anonymized listening patterns help artists understand what's working — but they can't identify you personally.

13. Mobile Applications

Our iOS and Android apps (“The Playful Universe”) provide the same listening experience in a native wrapper. The apps:

• Do not collect device identifiers, location data, or contacts.
• Store session data locally on your device (cookies and local storage) to maintain your listening progress.
• Require internet access to stream music and sync your listening history with our servers.

Uninstalling the app will clear locally stored data. If you've saved your access with an email, your listening history remains on our servers and can be recovered.

14. Changes to This Policy

We may update this privacy policy as the platform evolves. Material changes will be communicated via email or in-platform notification. The “Last Updated” date at the top of this page indicates when this policy was most recently revised.