VIBROSPACES PRIVACY POLICY

Version and Publication Date

Version: 4.5

Published: 14.11.2025

At Vibrospaces, we are dedicated to safeguarding your privacy and maintaining your trust. This Privacy Policy (“Privacy Policy”) describes what personal information we collect, why we collect it, and how we protect it.

This Privacy Policy explains how Vibrospaces collects, uses, stores, and shares information from individuals (each a “User”) who interact with vibrospaces.com, including any subdomains, subpages, successor websites, or applications accessible via our website (the “Website”). It applies to the Website and to all products and services we make available through it.

This policy covers information we collect:

  • Through the Website;
  • In email, text, or other electronic communications between you and the Website;
  • Through mobile and desktop applications that you download from this Website or otherwise, which provide non-browser-based interaction between you and the Website;
  • When you interact with our advertising and applications on third-party websites and services, where those applications or advertising include a link to this Privacy Policy.

This Privacy Policy does not apply to information:

  • Collected offline or via any other means; or
  • Collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.

Please read this Privacy Policy carefully to understand how we handle your personal information. If you do not agree with any part of this Policy, you should not use our Website. By accessing or using the Website, you agree to the terms of this Privacy Policy.

We may update this Privacy Policy from time to time (see “Changes to This Privacy Policy” below). Your continued use of the Website following any changes will be treated as acceptance of those changes, so we encourage you to review this Privacy Policy regularly.

DATA CONTROLLER

This Privacy Policy is issued on behalf of Vibrospaces. When we refer to “Vibrospaces”, “we”, “us” or “our” in this Privacy Policy, we mean the relevant Vibrospaces entity responsible for processing your personal data as the data controller.

TYPES OF INFORMATION WE COLLECT AND RETENTION PERIODS

Categories of Data We Collect

We collect both personal information and anonymous information, and we may combine them to create aggregated information. These terms are further explained in the “Definitions” section.

Examples of the information we may collect include:

  • Contact details, such as first name and surname, email address, residential address, and mobile or other phone numbers;
  • Personal information such as gender, age or age range, and your image;
  • Account login details, including username, password, and images used for your profile;
  • Information you provide when you make in-app purchases, interact with our services, or contact customer support (e.g., your name, email address, and virtual item transaction history);
  • Information exchanged between Users in messages, live chat, posts, or similar communication channels;
  • Information received from third parties such as platform providers (including social networks like Facebook) about your use of, or interest in, our services;
  • Location information, such as data from a mobile device or other device interacting with our Website, or information linked to your IP address, where permitted by law;
  • Activity, technical, and device data relating to your use of our Website, for example:
  • Pages or content you view,
  • The time and duration of your visits,
  • How frequently you use our services,
  • How you first found our Website,
  • Your preferences and interaction with content,
  • Hardware model, device type, unique device identifiers, operating system version, browser type, and IP address;
  • Government-issued identification, which may be requested only when necessary to verify your account for security, fraud prevention, and age-verification purposes.

How Long We Keep Your Information

We retain personal information only for as long as necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

For UK residents, the table below summarizes the categories of personal information (as defined under UK law) processed in the last 12 months and the corresponding retention periods or rationale.

Retention Table

  • Category A – Identifiers

Examples: Name, alias, postal address, email address, phone number, account name, IP address, government-issued identifiers (e.g., passport number, driver’s licence number).

Collected: Yes

Retention: 3 years – retained for account administration, legal obligations, and operational needs.

  • Category B – Personal information

Examples: Employment history, education, insurance policy numbers, health or medical information.

Collected: Yes

Retention: 3 years – retained for contractual purposes and legal obligations.

  • Category C – Special category data

Examples: Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sexual orientation, sex/gender.

Collected: Yes (only where lawful and strictly necessary).

Retention: 3 years – processed only where permitted by law (e.g., explicit consent, legal obligation, or legitimate interest).

  • Category D – Commercial information

Examples: Records of products or services received, considered, or used; browsing and consumption preferences.

Collected: Yes

Retention: 3 years – retained for marketing analysis, customer relationship management, and service optimisation.

  • Category E – Biometric or genetic information

Examples: Fingerprints, facial recognition templates, iris scans, DNA data.

Collected: No

Retention: Not applicable.

  • Category F – Online activity and interaction

Examples: Website browsing history, search history, interactions with advertisements, app usage.

Collected: Yes

Retention: 3 years – used to improve services and enhance Website performance.

  • Category G – Location data

Examples: GPS, device location, or movement patterns.

Collected: Yes

Retention: 3 years – used to provide location-based services and improve logistics or eligibility checks.

  • Category H – Sensory data

Examples: Audio, video, thermal, olfactory, or similar data.

Collected: No

Retention: Not applicable.

  • Category I – Employment/professional data

Examples: Job history, performance evaluations, qualifications.

Collected: No

Retention: Not applicable.

  • Category J – Educational data

Examples: Student records, grades, transcripts, schedules.

Collected: No

Retention: Not applicable.

  • Category K – Inferences/profiles

Examples: Preferences, characteristics, psychological trends, behaviour patterns.

Collected: No (or only in limited cases).

Retention: 3 years – used only for improving services and personalisation where relevant.

HOW WE COLLECT YOUR INFORMATION / SOURCES OF INFORMATION

We collect information you provide to us in several ways, including when you:

  • Visit or browse our Website;
  • Register an account on the Website;
  • Receive or access products and services on the Website;
  • Respond to surveys;
  • Fill out forms; or
  • Participate in other activities, features, or resources made available on our Website.

In addition to the Website, we may collect information from you:

  • By telephone or video call;
  • Through correspondence channels such as email, live chat, mail, text message, or social media.

Telephone and video calls between Users and Vibrospaces representatives may be recorded for training, quality assurance, and compliance purposes. By continuing with such calls, you consent to the recording.

We also gather information about how you use our products and services through various technologies deployed when you visit our Website or use our applications on third-party sites or platforms (whether or not you are logged in), including cookies, flash cookies, pixels, tags, and application programming interfaces (“APIs”). See “Personal Data Collected via Technology” below for more details.

We use analytics tools to help us understand usage patterns, including when you visit our Website or access our applications or services on third-party platforms.

In certain cases, we rely on trusted external sources to verify, supplement, or update the information you provide (for example, verifying postal addresses, documentation, or names).

HOW WE USE YOUR INFORMATION

The Data Controller is responsible for using your information for the purposes described in this Privacy Policy. Other Vibrospaces group entities may access and process your information as data processors acting on our behalf, in accordance with this Privacy Policy.

In summary, we use information to:

  • Operate the Website and our services;
  • Provide and maintain your account;
  • Communicate with you and respond to queries; and
  • Meet our regulatory and legal obligations.

Subject to applicable law and your available choices, Vibrospaces may use your information for the following specific purposes:

  • Providing and managing services you request

For example, processing your registration, creating and maintaining your account, verifying your identity, and carrying out checks to prevent fraud or misuse.

  • Improving customer support and our services

Information you provide helps us handle support requests more efficiently and refine our products and services based on your feedback.

  • Processing in-app purchases and virtual currency transactions

We may use the information you provide to process in-app purchases securely, manage your virtual balance (including Vibro Coin or other virtual items), and maintain a safe and seamless experience.

  • Personalising your experience

We may use aggregated and anonymised information to understand how groups of Users engage with our Website, content, and services and to tailor offerings or recommendations.

  • Communicating with you about our services

We may contact you by email, live chat, mail, text, or social media to administer your account, manage promotions or competitions you choose to enter, and provide information about our products and services, including promotions, contests, surveys, and new features available to you. Provision of your telephone number may be treated as consent to receive automated text messages, as permitted by law. Consent to receive marketing communications is not a condition of purchase.

  • Sending important notices

We may send you essential communications relating to your account (for example, confirmations of in-game purchases, security notifications, or updates to our terms and policies). These notices are part of our services, and you acknowledge that you may not opt out of receiving them where they are legally or operationally required.

  • Legal, regulatory, and security purposes

We may use information about your usage and gameplay to promote a safe and responsible environment, prevent fraud or abuse, investigate suspicious activity, and protect our Users and our platform.

  • Alternative dispute resolution

In certain cases, we may provide information we hold about you to a trusted third-party partner for the specific purpose of resolving disputes that could not be fully resolved through our internal processes.

We do not engage in automated decision making within the meaning of European data protection laws where such decisions produce legal or similarly significant effects on you.

PERSONAL DATA COLLECTED VIA TECHNOLOGY

When you use our Website, we aim to make your experience smooth and tailored. We and our partners rely on various standard technologies, such as cookies and similar tools.

These technologies are typically small files stored on your computer, tablet, phone, or other device when you visit a website. They allow us to record certain information about your visit and interactions.

Examples include:

  • Cookies

Small text files placed in your browser to remember preferences and improve your experience. Most browsers allow you to block or delete cookies; however, some features of our Website may not function correctly if you disable them. Unless you adjust your browser settings to refuse cookies, our system will place cookies when you visit our Website.

  • Pixel tags / web beacons

Small code fragments embedded in our Website or emails, which help us understand how Users interact with specific pages or content (for example, whether an email has been opened, acted upon, or forwarded).

  • Mobile device identifiers

We may share advertising identifiers linked to your mobile device or tablet (such as Apple’s IDFA or Google Advertising ID) with advertisers for internet-based advertising purposes.

  • Event tagging

Technologies like Facebook App Events or similar tools allow us to track actions such as app installs, purchase events, or other in-app behaviour. This helps us understand performance, measure advertising effectiveness, and build audiences for targeted advertising.

  • Behavioural advertising

We may work with third parties to display advertising on our Website or on third-party sites and applications, including through custom audiences on social networks. These partners may use cookies or other tracking technologies to collect information about your browsing activities on our Website and elsewhere, in order to provide interest-based advertising. We do not control how these third parties’ tracking technologies operate. If you have questions about a particular advertisement or targeted content, you should contact the relevant third party directly.

YOUR RIGHTS OVER YOUR INFORMATION

General Rights

Depending on your location and applicable law, you may have certain rights in relation to the personal information we hold about you. To exercise these rights, please contact our Data Protection Officer (see “How to Exercise Your Rights” below).

These rights may include:

  • The right to access the personal information we hold about you;
  • The right to object to certain types of processing;
  • The right to correct inaccurate or incomplete information;
  • The right to receive a portable copy of certain personal information you have provided to us;
  • The right to withdraw consent where processing is based on consent;
  • In some cases, the right to request deletion of personal information we hold about you.

We will not treat you unfairly or discriminate against you for exercising any of your rights.

Please note that these rights are not absolute. They may be subject to limitations or exemptions under applicable laws. We may also, at our discretion and in line with our internal policies, correct or delete incomplete or inaccurate information.

You also have the right to lodge a complaint with a relevant data protection supervisory authority if you believe your rights have been infringed.

Rights in Relation to Direct Advertising

If we process your personal information for direct marketing purposes, you may object at any time to such processing, including any related profiling.

You can opt out of receiving marketing messages by following the unsubscribe instructions in those communications or by contacting Customer Support. Once you object to direct marketing, we will stop processing your personal information for those purposes.

Data Deletion Requests

For your protection, we require Users to verify their identity before we process account data-deletion requests. This helps ensure that only the legitimate account holder can request deletion.

If you submit a deletion request, you may be asked to complete a verification step, which may include confirming your identity through email, phone, or other secure methods. This process helps maintain a secure and trustworthy platform. For additional details, please contact our customer support team.

Opt-Out Preference Signals

Under UK GDPR, you can limit the collection of non-essential data from your device while using our Website. You can control your preferences by:

  • Adjusting browser or device settings to block cookies or other tracking technologies; and/or
  • Enabling Global Privacy Control (GPC) in your browser or browser extension to automatically signal your privacy preferences.

Please be aware that blocking or deleting cookies or similar technologies may limit access to certain features or prevent full use of our Website and services.

If you wish to opt out of interest-based advertising, you may do so by following the dedicated opt-out link we provide (if applicable). Users in the EU or other regions should refer to the relevant regional opt-out frameworks. We will honour valid opt-out signals for each browser where such signals are implemented.

UK DATA SUBJECT RIGHTS

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, UK residents benefit from additional rights regarding the processing of personal data, including:

  1. Right of Access (Subject Access Request)

You may request details of the personal data we hold about you, including purposes of processing, categories of data, recipients, and retention periods.

  1. Right to Rectification

You may request correction of inaccurate or incomplete personal information we hold.

  1. Right to Erasure (“Right to be Forgotten”)

You may ask us to delete your personal data, subject to legal or contractual obligations requiring retention.

  1. Right to Restriction of Processing

You may request that we limit processing in certain circumstances, such as when you contest the accuracy of the data or object to its use.

  1. Right to Object

You may object to processing carried out for direct marketing, profiling, or other legitimate interests. We will respect such objections unless we have compelling lawful grounds for continued processing.

  1. Right to Data Portability

Where applicable, you may request a copy of your personal data in a structured, machine-readable format so that it can be transferred to another data controller.

How to Submit a Request

To exercise your rights, you (or a legally authorised representative) must:

  1. Provide sufficient information to verify your identity (for example, full name, email address, and any additional data reasonably required); and
  2. Clearly describe your request and indicate which right you wish to exercise (e.g., access, rectification, deletion, restriction, objection, or portability).

We will respond within one month of receiving your request, in line with UK GDPR. For complex or numerous requests, we may extend this period by up to two additional months, and we will inform you about any extension and its reason.

How to Exercise Your Rights

To exercise any of these rights, please email us at **[email protected]**. We may need to verify your identity and jurisdiction of residence before we process your request.

Please:

  1. Use the email address associated with your account (where possible), or otherwise provide sufficient information so we can confirm your identity; and
  2. Give enough detail for us to understand, assess, and respond to your request.

Each request that meets these criteria will be treated as a “Valid Request”. We may contact you if we require additional information to complete identity verification. Any personal information submitted in connection with a Valid Request will be used solely for verifying your identity and handling your request. You do not need an account to submit a Valid Request.

We generally respond to Valid Requests within one month, unless otherwise required or allowed by law.

Authorised Representatives

Under UK GDPR, you may appoint an authorised representative (“Authorised Representative”) to submit rights requests on your behalf. You must provide written authorisation to that representative confirming their authority. We may ask for a copy of this authorisation when the representative contacts us. Once verified, we will handle the request in accordance with UK GDPR timelines and requirements.

We will not charge a fee for handling a Valid Request unless it is excessive, repetitive, or manifestly unfounded. If a fee is applicable, and allowed by law, we will inform you of the fee and our reasoning before proceeding.

If you are a registered User, you may also update certain account information, including some personal details, by logging into your account and editing your profile.

We will not deny services, charge different prices, or offer a lower quality of service purely because you exercise your rights. However, applicable privacy laws may permit different service tiers with varying pricing or features where such differences are linked to the value of personal information provided.

In some jurisdictions, you may also have the right to appeal our response to your request. You can do so by emailing **[email protected]**. We will respond to appeals within forty-five (45) days or as required by law. If you disagree with our assessment, we will provide information on further appeal options where applicable.

HOW WE PROTECT YOUR INFORMATION

We use physical, technical, and organisational safeguards to protect the information we collect. We employ appropriate data collection, storage, and processing practices and security measures to protect against unauthorised access, use, alteration, disclosure, or destruction of your personal information, username, password, and data stored on our Website. Our security measures are reviewed and updated periodically in line with technological and regulatory developments.

The security of your information also depends on you. Where you have a password to access certain parts of our Website, you are responsible for keeping it confidential. Please do not share your password with anyone.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of data transmitted to our Website; any transmission is at your own risk. We are not responsible for circumvention of privacy settings or security measures contained on the Website.

SHARING YOUR INFORMATION

We do not sell, trade, or rent Users’ personal identification information. However, there are situations in which we share your personal data with other Vibrospaces entities, with carefully selected service providers, and with other third parties where required or permitted by law.

Sharing Within Vibrospaces

We may share information with other companies within the Vibrospaces group for the purposes described in this Privacy Policy. See “Transfers” below for information on cross-border data transfers within the group.

Sharing with Third Parties

We share information with third parties only in limited circumstances, including:

  • When you explicitly allow us to share your information;
  • When it is necessary to provide products or services or to notify you about important changes or developments related to those products or services;
  • With service providers that support our operations, such as technology companies, data storage and processing providers, payment processors, and marketing or advertising partners. These providers are only permitted to use your personal information as instructed by us or as required by law. Where a service provider uses personal data for its own purposes and is allowed to do so by law, that provider acts as an independent data controller;
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when ordered to do so by a regulator or under applicable law;
  • In connection with a corporate transaction such as a merger, divestiture, restructuring, reorganisation, dissolution, or sale of some or all of Vibrospaces’ assets;
  • If we reasonably believe disclosure is necessary to protect the rights, property, or safety of Vibrospaces, our Users, or others;
  • When instructing and authorising financial institutions to disclose information in response to regulatory requests concerning a User’s account;
  • To enforce our Website terms and conditions, protect our rights and property and those of our customers and third parties, detect fraud or other illegal activity, and comply with legal processes;
  • For account verification and security checks.

Account Verification and Biometric Data

We may request your image to verify your identity. To do this, we may use third-party identity verification providers (such as Sumsub or similar services) that use facial recognition technology to determine whether your selfie matches the photo in your identification document. These third parties may collect biometric data when processing your image and may share relevant information with us for verification.

Biometric data collected in this context is stored by the third-party provider according to its own privacy policy, and by us only for as long as necessary to fulfil the verification purpose or for up to 3 years from your last interaction with us, whichever occurs first, unless we are legally required to retain it longer.

Categories of Information Shared in the Last 12 Months

In the past twelve (12) months, we have disclosed personal information for legitimate business purposes to the third-party categories listed below. Under UK GDPR, such disclosures are made only when necessary for service delivery, identity verification, or other lawful purposes. We do not sell personal information.

  • A: Identifiers

Third-party service providers (e.g., identity verification providers).

Purpose: Completing in-app purchases, verifying identity, and confirming eligibility for services.

  • B: Contact and Account Information

Third-party service providers (e.g., identity verification providers).

Purpose: Facilitating transactions and confirming identity.

  • C: Protected Characteristics

Third-party identity verification providers (e.g., where required by law).

Purpose: Identity verification when legally necessary.

  • D: Commercial Information

Third-party service providers.

Purpose: Processing in-app purchases and related services.

  • E: Biometric Information

Not collected or disclosed, except as described under identity verification, and then only in accordance with applicable law and provider policies.

  • F: Internet or Network Activity

Not disclosed to third parties for their own purposes beyond what is described in the section on “Personal Data Collected via Technology”, and not sold.

  • G: Geolocation Data

Third-party service providers.

Purpose: Providing location-based services and determining eligibility where necessary.

  • H: Sensory Data

Not collected or disclosed.

  • I: Professional or Employment-Related Information

Not collected or disclosed.

  • J: Non-Public Education Information

Not collected or disclosed.

  • K: Inferences

Not disclosed for independent third-party use.

Aggregated Information

We may share aggregated or anonymised demographic information with business partners, trusted affiliates, and advertisers. This information does not identify any individual and cannot reasonably be used to do so.

Transfers

Vibrospaces operates across multiple jurisdictions. As a result, the personal information we collect may be transferred to, stored in, or processed by Vibrospaces entities or third parties located in the European Union or other countries where we or our service providers operate.

Whenever we transfer personal information internationally, we ensure that appropriate safeguards are in place. Where required, transfers from the European Economic Area or UK may be based on standard contractual clauses approved by the relevant authorities or other mechanisms that comply with applicable data protection laws.

OTHER IMPORTANT INFORMATION

Children’s Privacy

We take the protection of children’s privacy very seriously. We do not knowingly collect or maintain information from individuals under the age of 18, and our Website is not designed to attract anyone under 18.

No one under 18 may provide personal information on or through the Website. If you are under 18, please do not use this Website or provide any information to us, including your name, address, phone number, email address, or any username.

If we become aware that we have collected personal information from a child under 18, we will delete that information. If you believe we may have collected information from or about a child under 18, please contact us at **[email protected]**.

Do-Not-Track Signals

Some browsers allow users to send “Do-Not-Track” (DNT) signals to websites. Because there is no agreed industry standard for how websites should respond to these signals, our Website does not currently respond to DNT requests. If a generally accepted standard emerges, we will reassess our approach.

CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time to reflect changes in our operations, services, or legal obligations. Where the changes are material, we will notify you as required by law. Notification may be provided by posting the updated Privacy Policy on our Website or by other appropriate means.

Any changes become effective when the revised Privacy Policy is posted on our Website. We encourage you to check this page regularly to stay informed about how we protect your personal information.

DEFINITIONS

  • Personal information

Information that identifies, or can reasonably be used to identify, a particular individual, such as name, postal address, email address, or telephone number. When anonymous information is combined with personal information, we treat the combined data as personal information.

  • Anonymous information

Information that does not directly or indirectly identify a specific individual and cannot reasonably be used to identify them.

  • Aggregate information

Information about groups or categories of Users that does not identify and cannot reasonably be used to identify an individual User.

CONTACTING YOU VIA EMAIL OR TEXT

You confirm that any contact details you provide to us (including email address and mobile phone number) are accurate and that you are the subscriber or authorised user of any telephone numbers you share.

By voluntarily providing your telephone number(s) to Vibrospaces, you consent to being contacted at those numbers. You agree that we may send you pre-recorded voice messages and/or text messages (including via automated systems) relating to:

  • This Privacy Policy and any associated terms and conditions;
  • Activity on your account with Vibrospaces; and
  • Promotions or offers from Vibrospaces.

These communications may be sent even if your number is listed on a national or federal Do Not Call registry, where permitted by law. You understand that your telephone carrier may charge fees for these messages and that Vibrospaces is not responsible for those charges.

CONTACTING US

If you have questions about this Privacy Policy, your personal information, or how we use it, please contact our Data Protection Officer by email at **[email protected]** and include your place of residence and a clear description of your query.