Privacy Policy
VCI Marketplace, operated by Vibe Coding Incubator LLC (Stripe d/b/a "Marketplace VC Inc.")
Effective date: June 1, 2026 Last updated: June 1, 2026
This Privacy Policy explains what personal information Vibe Coding Incubator LLC collects when you use VCI Marketplace, why, who we share it with, where we keep it, and the rights you have to control it. We operate a marketplace for one-time-purchase software deals (the lifetime-deal model). We deliberately keep what we collect to a minimum: there are no analytics trackers, no marketing emails, and no cookies beyond what is strictly necessary to keep you logged in.
1. Who we are
VCI Marketplace (the "Platform") is operated by Vibe Coding Incubator LLC, a limited liability company organized in Arizona, USA, with its registered office at 14747 N. 97th St., Scottsdale, AZ 85260 (also doing business on Stripe as "Marketplace VC Inc."). In this Policy "we," "our," and "us" refer to Vibe Coding Incubator LLC.
1.1 Where the Platform is available
The Platform is intended for users in the United States. We do not currently offer the Platform to, or direct it at, residents of the European Union, the United Kingdom, or Switzerland, and we do not solicit or knowingly accept registrations from those regions. If we begin serving those regions, we will update this Policy and add the protections their laws require before doing so.
1.2 How to reach us about privacy
For any question about this Policy or your personal information, contact us at privacy@vcinc.ai. We do not currently have a Data Protection Officer; the same address is monitored by our legal and engineering leadership.
2. Scope
This Policy applies to: the website at marketplace.vcinc.ai; the marketplace storefront; redemption flows for codes issued through the Platform; the public code-validation API; email we send you (account, transactional, and security messages); and the support email address.
It does not apply to the third-party software ("Apps") you buy through the Platform. Each App is operated by an independent seller ("Vibe Coder") who is responsible for its own privacy practices once you redeem a code and start using the App. The seller's privacy notice will be linked from the deal listing or from the App itself.
3. What we collect
We collect personal information in three ways: (a) information you give us, (b) information we collect automatically when you use the Platform, and (c) information we receive from third parties acting on your behalf.
3.1 Information you give us
Buyers
- Account: name, email address, password (hashed and stored by our authentication provider; we never see the plaintext), and (optionally) avatar.
- Sign in with a third-party account (single sign-on): if you use a third-party sign-in (single sign-on) provider, we receive the email, name, and avatar it shares, nothing else.
- Purchase: the buyer email captured by Stripe Checkout. We never see your card details. Stripe handles the entire payment page.
- Reviews and ratings: if you choose to review a deal, the text and rating you submit. Reviews are held for moderation before they appear.
- Support correspondence: anything you write to us at contact@vcinc.ai or to a seller through the Platform.
Sellers ("Vibe Coders")
- Account: same as buyers, plus the timestamp at which you accepted the Seller Agreement.
- Public seller profile: display name, biography, website, logo, and social-media links (X/Twitter, GitHub, LinkedIn, Discord) you choose to publish.
- Deal listings: descriptions, pricing, FAQs, testimonials, images, and demo-video URLs you upload.
- KYC and payout data, held by Stripe, not by us: when you complete Stripe Connect Express onboarding, Stripe collects and stores your identity, business, tax, and bank information. We see only your Stripe account reference and information Stripe surfaces to us about onboarding completion and payout status.
3.2 Information we collect automatically
- Authentication and security logs: we log sign-in attempts (successful and failed), IP address, and basic device fingerprint information for rate-limiting and abuse-prevention. We protect IP addresses in these logs using encryption and access controls.
- Service usage records: purchases you complete, redemption-code activations, deals you view, reviews you write, support tickets you open, and (for sellers) listing edits and API-key usage. These exist so the marketplace works; they are not used to build profiles for advertising.
- Public code-validation API: when a seller's App calls our API to verify a redemption code, we record the request IP and timestamp for fraud and abuse detection.
- No analytics, no tracking, no advertising cookies. We do not run analytics, telemetry, session-replay, or advertising/tracking tools of any kind. See our Cookie Policy for the complete list of what is set in your browser.
3.3 Information from third parties
- Stripe: when you check out, Stripe sends us a confirmation that includes your email, the amount charged, the deal you purchased, the currency, and Stripe identifiers. Stripe handles all card data on its own pages.
- Third-party sign-in (only if you sign in with a third-party account): we receive the data described in Section 3.1, with the scopes shown on the sign-in provider's consent screen.
- Third-party video provider (only when you watch a demo video): seller listings may embed a video. When you play that video, the third-party video provider receives your IP and viewing data under its own privacy policy. We do not control or receive the video provider's data.
3.4 What we do not collect
We do not collect, and we do not store on our systems:
- phone numbers, postal addresses, dates of birth, government IDs, Social Security numbers, or tax identifiers (for sellers, Stripe collects these directly; we do not see them);
- payment card numbers or bank account details (Stripe handles these);
- special-category / sensitive data (health, biometric, race/ethnicity, religion, politics, sexual orientation). Please do not put this information into free-text fields like reviews or testimonials.
4. Why we use it
We use the information described above to:
- Run the marketplace: create and authenticate your account, display deals, process purchases through Stripe, issue and validate single-use redemption codes, allow sellers to publish listings, calculate revenue shares, and run seller payouts.
- Send transactional email: purchase confirmations and codes, seller sale notifications, payout reports, deal approval/rejection notices, failed-payment and refund notices, email verification, and password reset. Delivery is handled by our email delivery provider. We do not send marketing email.
- Provide support: answer your messages, investigate disputes, process refunds where warranted.
- Keep the Platform safe: rate-limit abusive behavior, detect fraudulent purchases or chargeback fraud, scan uploaded App artifacts for known malicious signatures, and protect against account takeovers.
- Meet legal obligations: respond to lawful requests; retain financial records (purchases, refunds, payouts) for the period required by tax and accounting law.
5. Who we share it with
We share personal information only with the categories of recipients listed below, and only as needed for the purpose stated.
5.1 Sellers ("Vibe Coders")
When you buy a deal, we share your name and email with the seller for two purposes only: (a) to deliver the App and the redemption code, and (b) to allow the seller to provide you with support and necessary service messages about your purchase. Sellers are independent businesses; for the data we share with them, they act as separate, independent data controllers. The Seller Agreement explicitly prohibits sellers from using buyer data for marketing or any unauthorized purpose.
5.2 Service providers (sub-processors)
We rely on a small set of service providers to run the Platform. Our current list, with purpose, data categories, and location, is published at /subprocessors and is incorporated into this Policy by reference. Summary: a cloud database and authentication provider; a payment processor (Stripe and Stripe Connect); a cloud hosting and storage provider; a content delivery network; an email delivery provider; and a third-party video provider for demo videos.
5.3 Legal requests and safety
We may disclose personal information when we believe in good faith that disclosure is necessary to comply with applicable law, a court order, or a lawful request from a public authority; to enforce our Terms, Seller Agreement, or Acceptable Use Policy; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Vibe Coding Incubator LLC, our users, or others. Where lawful, we will tell you before disclosing your information in response to such a request.
5.4 Business transfers
If we are acquired, reorganized, or sold, your information may be transferred to the acquirer subject to this Policy or a successor privacy policy. We will notify you of any such transfer before it changes how your information is handled.
5.5 We do not sell or share for advertising
We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising. Under California, Colorado, Connecticut, and similar US state privacy laws, these terms can be defined broadly, so we have reviewed our actual data flows: no advertising or analytics partner receives your personal information from us. If this ever changes, we will update this Policy and add the required "Do Not Sell or Share My Personal Information" link before any such activity begins.
6. Where your information is held
Our primary infrastructure is located in the United States using reputable cloud providers. Because the Platform is offered to users in the United States, your information is processed in the United States.
7. How long we keep it
We keep personal information only as long as we need it for the purposes in this Policy or as required by law.
8. Your rights
8.1 Rights available to everyone
Regardless of where you live, you can ask us to:
- Access your personal information and receive a copy;
- Correct inaccurate or out-of-date information (much of this you can update directly in your account);
- Delete your personal information, subject to the limits described below;
- Export your personal information in a portable, machine-readable format;
- Close your account by contacting us at privacy@vcinc.ai.
Important note on deletion: if you ask us to delete your account, you will lose access to any deals you have purchased and to the redemption codes tied to them. We do not refund purchases as a result of an erasure request. We will retain the minimum transaction records required by law (tax, accounting, anti-fraud) for the periods set out in Section 7.
8.2 Additional rights: US state residents
If you reside in a US state with a comprehensive consumer-privacy law (currently California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Kentucky, Tennessee, Minnesota, Maryland, Indiana, Rhode Island, Nebraska, and equivalent jurisdictions), you also have, where the applicable law grants them, the rights to: confirm whether we are processing your personal information; opt out of "sale" and "sharing" (we do not engage in either); opt out of profiling for solely-automated decisions with significant effects (we do not engage in such profiling); limit use and disclosure of sensitive personal information (we do not knowingly collect it); appeal a denial of a rights request; and designate an authorized agent. California residents have additional rights under the CCPA as amended by the CPRA.
8.3 Global Privacy Control (GPC)
We honor the Global Privacy Control signal as a valid opt-out of sale/sharing and of targeted advertising for users in California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas, even though we do not currently engage in sale, sharing, or targeted advertising. If those practices ever change, the opt-out you have signaled will be respected by default.
8.4 How to exercise your rights
Email us at privacy@vcinc.ai from the address on your account. To protect your data, we may ask you to verify control of your account before fulfilling requests. We will respond within the time limit set by the applicable law (generally 45 days under most US state laws) with one extension where reasonably necessary. There is no fee, except for requests that are manifestly unfounded or excessive.
9. Children
The Platform is not directed to children. You must be at least 18 years old to use the Platform, both to buy and to sell. We do not knowingly collect personal information from anyone under 18, and we do not market to minors. We do not currently operate a technical age-verification mechanism; the 18+ requirement is contractual. If we learn that we have collected personal information from someone under 18 without lawful authorization, we will delete it promptly. If you believe a minor has provided us with personal information, contact privacy@vcinc.ai.
10. Security
We use commercially reasonable administrative, technical, and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:
- Encryption of data in transit.
- Encryption of data at rest.
- Additional encryption of particularly sensitive fields.
- Strong, one-way hashing of secrets, API keys, and webhook signing secrets.
- Authentication is handled by a dedicated authentication provider using secure access tokens on every request; we never store or see your password. We also log failed attempts and apply rate limiting.
- Strict isolation between customer accounts, enforced server-side on every request.
- Database access controls that isolate each account's data.
- Secrets held in a secure secrets-management system, never in source code.
- Verification of the authenticity of payment notifications from Stripe, with idempotent, retry-safe processing.
- Hardened browser security headers.
10.1 Breach notification
If we become aware of a personal data breach likely to result in a risk to your rights, we will notify affected users and the relevant authorities within the timeframes required by each applicable US state law.
11. Cookies and similar technologies
We use a very small number of strictly-necessary cookies, mainly to keep you signed in. We do not use analytics, advertising, or tracking cookies. See our separate Cookie Policy for the full list.
12. Automated decisions
We do not make decisions about you that are based solely on automated processing and that produce legal or similarly significant effects. Listing approval is performed by human moderators; refund decisions outside of full-refund flows are reviewed by humans; account suspensions are reviewed by humans.
13. Changes to this Policy
We may update this Policy. When we make material changes, we will send a notice to the email address on your account and post a prominent notice on the Platform, at least 30 days before the change takes effect, except where a shorter period is required by law or to address a security or legal risk. The "Last updated" date at the top of this Policy reflects the most recent revision. Continued use of the Platform after the change takes effect means you accept the updated Policy.
14. Contact
For any privacy question, contact us at privacy@vcinc.ai. For general support, write to contact@vcinc.ai. By post: Vibe Coding Incubator LLC, 14747 N. 97th St., Scottsdale, AZ 85260.