VibeMS

VibeMS Control Center Privacy Notice

Version 2026-07-10. This notice covers the online VibeMS account, licensing, checkout integration, release delivery and support services operated by Robin Ringl, Berliner Str. 7 63533 Mainhausen, DE.

Data processed

We process business contact names, company names, business email addresses, locale, account-security records, Paddle customer/transaction/subscription identifiers, purchased plan, license and activation identifiers, normalized domains, environment type, CMS version, release downloads, legal acceptances, support correspondence and security audit events. IP addresses used for sensitive events are stored as keyed hashes where full addresses are not needed.

Purposes and legal bases

Data is used to create business accounts, perform contracts, issue and enforce license limits, deliver signed releases, process billing events, prevent fraud, secure the service, meet accounting obligations and answer support requests. Depending on the jurisdiction, processing relies on contract performance, legal obligations and legitimate interests in operating and protecting a B2B software service.

Website content stays local

Licensing does not upload website pages, CMS users, form submissions, backups, editor content, local media, SMTP credentials or MCP tokens to the Control Center. The installed CMS sends only the activation and version data required for licensing and release access.

Payments and service providers

Paddle acts as Merchant of Record and independently processes payment methods, invoices, tax information and checkout risk signals under its own notices. Hosting, transactional-email and security providers may process limited data on our instructions. Provider locations and safeguards are reviewed before production use.

Retention

Account, license and activation data is retained while needed to provide and prove the license. Transaction and legal-acceptance records are retained for applicable tax, accounting and limitation periods. Security and support data is retained only as long as reasonably needed for the corresponding purpose. Data subject to a legal hold or active dispute may be retained longer.

Security and international transfers

We use access controls, encrypted transport, private signing keys, hashed license credentials, audit logs, backups and data minimization. Where personal data is transferred internationally, appropriate contractual or statutory transfer mechanisms are used as required by applicable law.

Rights and contact

Depending on applicable law, individuals may request access, correction, deletion, restriction, portability or objection and may complain to a competent supervisory authority. Some business transaction and security records cannot be deleted immediately where retention is legally required. Requests can be sent to privacy@vibems.io.

Changes

Material changes are versioned and, where required, communicated through the account or business email before they take effect.