Privacy Policy

Last updated: March 26, 2026

1. Who We Are

vyngrip is an AI-powered launch co-founder for developers and creators. We help indie builders find the right communities, craft authentic posts, and time their launches. This privacy policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. When we say “we” or “vyngrip,” we mean the vyngrip service and its operators. When we say “you,” we mean you as a user of our service.

2. Data We Collect

2.1 Data collected via OAuth sign-in

When you sign in with an OAuth provider, we receive limited profile information from that provider. We never receive or store your passwords.

  • Google: email address, display name, and profile picture. Scopes requested: email, profile (managed by Supabase Auth).
  • GitHub: email address and username. Scopes requested:user:email (managed by Supabase Auth).
  • Reddit: username and email (if you have one set on your Reddit account). Scopes requested: identity, read, history. We use these scopes to verify your Reddit identity and assess your posting history for readiness coaching. We request a permanent access token so we can refresh it without requiring you to re-authenticate.

2.2 Data collected directly

  • Email address: if you sign in with a magic link instead of OAuth, we collect the email address you provide.
  • Referral source: an optional free-text field where you can tell us how you heard about vyngrip. This is purely for our own analytics and is never shared.
  • Project metadata: when you create a project in vyngrip, you provide a project name, description, and optionally a URL and README content. This data is used to power community scanning and draft generation.

2.3 Data collected automatically

  • Usage analytics: we use Vercel Analytics and Vercel Speed Insights to collect anonymized performance and usage metrics. These tools do not use cookies and do not track individual users across sessions.

3. Cookies We Use

We use only strictly necessary cookies. We do not use advertising, tracking, or analytics cookies.

  • Supabase auth session cookies: these cookies maintain your authenticated session. They are set by the Supabase authentication library and are essential for the service to function. They are HTTP-only, secure, and scoped to the vyngrip.app domain.
  • x-next-url: a per-request cookie set by our routing middleware to pass the current URL to server components. It is not a persistent browser cookie — it is set on each request and does not store personal data.

4. How We Use Your Data

  • Authentication: your email and OAuth profile are used to create and maintain your account.
  • Service delivery: your project metadata is used to scan communities, generate draft posts, and create daily briefings.
  • AI processing: when generating briefings, drafts, or community scans, your project metadata (name, description, README content) is sent to AI providers for processing. We use OpenAI (GPT-4o) and Anthropic (Claude Sonnet) via the Vercel AI SDK. Your prompts may contain project metadata but never your account credentials, payment information, or OAuth tokens.
  • Email communications: we send transactional emails (magic links, daily briefings) via Resend. We do not send marketing emails without your explicit consent.

5. Payment Data

All payment processing is handled by Stripe. We never see, receive, or store your credit card number, CVV, or full billing address. What we do store locally is limited to: your Stripe customer ID, subscription ID, subscription tier (free, indie, pro, or team), subscription status (active, trialing, canceled, etc.), billing period dates, and trial status. This allows us to determine what features you have access to without querying Stripe on every request.

6. Third-Party Services

We share your data with the following third-party services, each for a specific and necessary purpose:

  • Supabase — database hosting and authentication. Your account data and project data are stored in a Supabase-hosted PostgreSQL database.
  • Stripe — payment processing. Receives your payment method details directly (we never handle them).
  • OpenAI and Anthropic — AI processing. Receives project metadata in prompts for briefing and draft generation. Both providers have data processing agreements and do not use API inputs for model training.
  • Vercel — hosting, serverless functions, and anonymized analytics. Your requests are processed on Vercel's infrastructure.
  • Resend — transactional email delivery. Receives your email address when sending magic links or daily briefings.

We do not sell your data to anyone. We do not share your data with any party not listed above.

7. Data Retention

Your data is retained for as long as your account is active. When you delete your account or a project, we perform a soft-delete — the data is marked as deleted and excluded from all queries immediately, but remains in the database for 30 days in case you change your mind. After 30 days, soft-deleted data is permanently purged. If you want immediate permanent deletion (GDPR hard-delete), contact us and we will process it within 72 hours.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or any jurisdiction with similar data protection laws, you have the following rights:

  • Right of access: you can request a copy of all personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can request that we permanently delete your data (hard-delete, processed within 72 hours).
  • Right to data portability: you can request your data in a structured, machine-readable format.
  • Right to restrict processing: you can ask us to limit how we use your data.
  • Right to object: you can object to processing of your data for specific purposes.

To exercise any of these rights, email us at hello@vyngrip.com. We will respond within 30 days.

9. Security

We take reasonable measures to protect your data. Authentication is handled by Supabase with industry-standard security practices including encrypted connections, secure token storage, and automatic token rotation. All data in transit is encrypted via TLS. Database access is restricted to our application via row-level security policies. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

vyngrip is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of vyngrip after a change constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or your data, contact us at hello@vyngrip.com.

We use essential cookies for authentication. Privacy Policy