Privacy Policy
Vibe x Vibe (VXV) Last updated: 15 March 2026 Version: 1.0
1. Our Commitment to Your Privacy
Agentic Labs (ABN 46 212 791 945) ("VXV", "we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and disclose your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Policy applies to all personal information we collect through the Vibe x Vibe platform at vibexvibe.com ("Platform"), including via our website, mobile interface, and API.
By creating an account and using the Platform, you acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your personal information as described here.
2. What Personal Information We Collect
We collect personal information that is reasonably necessary for our business functions. This includes:
2.1 Account and Identity Information
- Full name
- Email address
- Password (stored in encrypted/hashed form only; we cannot access your password in plaintext)
- Profile photo (if provided)
- Australian Business Number (ABN), where provided for payment purposes
2.2 Demographic and Profiling Information (Testers)
- Age or date of birth
- Country and region of residence
- Gender identity (if provided)
- Interests and category preferences
- Other demographic data you choose to provide when setting up your profile
We collect this information so that your demographic profile can be matched with relevant Campaigns. This data is used as survey targeting criteria and is not shared with Creators in a form that identifies you personally.
2.3 Financial and Payment Information
- Bank account details (collected and stored by our payment processor, Stripe — we do not store your raw bank account details on our servers)
- Wallet balance and transaction history
- Stripe account identifiers
- ABN (for tax withholding purposes)
2.4 Survey Responses and Campaign Activity
- Your responses to Campaigns (surveys and A/B tests)
- Campaign completion records
- Reward accrual and withdrawal history
Your individual responses are linked to your internal tester_id for fraud prevention purposes. Responses are provided to Creators in aggregated and de-identified form.
2.5 Device, Technical, and Behavioural Information
- IP address
- Browser type and version
- Operating system
- Device identifier and fingerprint (via FingerprintJS — see our Cookie and Fingerprinting Notice for details)
- Mouse movement patterns, click timing, scroll behaviour, and time-on-page (collected during survey sessions for bot detection purposes)
- Cloudflare Turnstile challenge data
- Session identifiers and cookies
2.6 Communications
- The content of any support enquiries, complaints, or other communications you send us
3. How We Collect Personal Information
We collect personal information:
- Directly from you — when you register, complete your profile, participate in surveys, initiate a withdrawal, or contact us.
- Automatically — via cookies, device fingerprinting, and behavioural monitoring technology as you use the Platform. See our Cookie and Fingerprinting Notice for full details.
- From third parties — Stripe may provide us with payment status, KYC verification outcomes, and payout event data. Authentication providers (where OAuth login is used) may provide your name and email address.
4. Why We Collect and Use Your Personal Information
| Purpose | Type of information used | Legal basis (APP 3 / 6) |
|---|---|---|
| Providing and operating the Platform | Account, identity, activity data | Necessary for our contract with you |
| Matching Testers to relevant Campaigns | Demographic profiling data | Necessary for our contract with you |
| Processing Creator payments and Credit purchases | Payment and financial data | Necessary for our contract with you |
| Processing Tester withdrawals (payouts) | Identity, bank, ABN data | Necessary for our contract with you |
| Fraud prevention and platform integrity | Device, behavioural, fingerprint data | Our legitimate interest; AML/CTF legal obligation |
| Complying with AML/CTF and tax obligations | Identity, financial, ABN data | Legal obligation (AML/CTF Act; Tax Administration Act) |
| Communicating with you about your account | Contact and account data | Necessary for our contract; legitimate interest |
| Sending product updates and promotional messages | Email address | Your consent (you may opt out at any time) |
| Improving the Platform | Aggregated usage analytics | Legitimate interest |
| Responding to support queries | Communications data | Legitimate interest |
We will not use your personal information for any purpose that is incompatible with the primary purpose of collection without your consent, unless otherwise permitted by law.
5. Disclosure of Personal Information
We may disclose your personal information to:
5.1 Service Providers (Overseas Disclosure — APP 8)
We use the following third-party service providers, some of whom are located outside Australia. By using the Platform you consent to this cross-border disclosure. We take reasonable steps to ensure these providers comply with privacy standards substantially similar to the APPs.
| Provider | Country | Purpose | Their Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | United States | Payment processing, KYC/identity verification, payouts | stripe.com/privacy |
| Supabase, Inc. | United States (AWS us-east-1) | Database hosting, authentication, real-time services | supabase.com/privacy |
| Google LLC (Gemini API) | United States | AI-powered bot/fraud detection analysis | policies.google.com/privacy |
| Cloudflare, Inc. | United States | Security, DDoS protection, Turnstile challenge | cloudflare.com/privacypolicy |
| FingerprintJS, Inc. | United States | Device fingerprinting for fraud prevention | fingerprint.com/privacy-policy |
| Resend, Inc. | United States | Transactional email delivery | resend.com/legal/privacy-policy |
Under APP 8.1, before we disclose your personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the APPs. Where we cannot fully ensure this, we have obtained your consent to the disclosure.
5.2 Regulatory and Legal Disclosures
We may disclose your personal information to:
- AUSTRAC and other Australian government bodies as required by the AML/CTF Act 2006;
- the Australian Taxation Office (ATO) as required by tax law;
- law enforcement agencies or courts where required by law or valid legal process;
- other parties where disclosure is required to protect the rights, property, or safety of VXV, our users, or the public.
5.3 Business Transfers
If VXV is acquired by or merged with another company, your personal information may be transferred to the acquiring entity. We will notify you before this occurs where required by law.
5.4 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes.
6. Data Security
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest within our database infrastructure
- Hashed (bcrypt) storage of passwords — we cannot access your password in plaintext
- Row-level security policies within our database
- Role-based access controls limiting staff access to personal information
- Third-party security services (Cloudflare)
While we take these precautions, no data transmission over the internet is completely secure. We cannot guarantee the security of information you transmit to us.
Notifiable Data Breaches: In the event of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable in accordance with the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC).
7. Data Retention
We retain your personal information for as long as your account is active and for a reasonable period thereafter to:
- comply with our legal obligations (e.g., ATO record-keeping requirements — generally 5 years);
- resolve disputes and enforce our agreements;
- defend legal claims.
When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.
Survey responses are retained for the life of the associated Campaign and for a minimum period thereafter for fraud investigation purposes.
8. Cookies and Tracking Technologies
We use cookies, device fingerprinting, and behavioural tracking on the Platform. For full details, please read our Cookie and Fingerprinting Notice, which forms part of this Privacy Policy.
9. Your Privacy Rights Under the Australian Privacy Act
Under the APPs, you have the following rights:
9.1 Right to Access (APP 12)
You have the right to request access to the personal information we hold about you. To make a request, contact us at privacy@vibexvibe.com. We will respond within 30 days. We may charge a reasonable fee for providing access in certain circumstances.
We may refuse access in limited circumstances permitted by law (e.g., where access would unreasonably impact the privacy of others, or where required for law enforcement purposes).
9.2 Right to Correction (APP 13)
If you believe any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction. You can update most profile information directly in your account settings, or contact us at privacy@vibexvibe.com.
9.3 Right to Make a Complaint (APP 1)
If you believe we have breached the APPs, you may lodge a complaint with us at privacy@vibexvibe.com. We will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
9.4 Opt-out of Marketing Communications
You may opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@vibexvibe.com. Opting out of marketing does not affect transactional communications related to your account.
10. Children
The Platform is not directed to persons under 18 years of age. We do not knowingly collect personal information from minors. If you become aware that a minor has created an account, please contact us immediately at privacy@vibexvibe.com and we will delete the account.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the Platform. The updated Policy will take effect 14 days after notice is given. Your continued use of the Platform after that date constitutes your acceptance of the updated Policy.
12. Contact Us
For privacy-related enquiries, access requests, or complaints:
Privacy Officer Agentic Labs Email: privacy@vibexvibe.com ABN: 46 212 791 945
This Privacy Policy was prepared with reference to the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (Schedule 1). It was last reviewed on 15 March 2026.