Last Updated: 19 June 2026 · Version 2.0
VIB3, Inc. (“VIB3,” “we,” “us,” or “our”) is committed to protecting the personal data of everyone who interacts with us — whether you are a B2B client, an employee of a client organisation, a user of our AI-driven marketing platform, an individual whose data appears in an advertising context, or a visitor to our website.
This Privacy Policy explains what personal data VIB3 collects, why the data is collected, how it is used and protected, and the rights available to you under the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable national data protection law.
By accessing or using our website and services at https://vib3.tech (the “Site” or “Services”), you agree to the terms of this Privacy Policy.
Questions? Contact us at privacy@vib3.tech.
Note on HIPAA
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a United States federal law that applies to certain healthcare providers, health plans, healthcare clearinghouses, and their business associates. VIB3 is not a healthcare provider, health plan, or healthcare clearinghouse. However, where VIB3 provides services to healthcare-sector clients and processes Protected Health Information (“PHI”) on their behalf, VIB3 may act as a Business Associate and will enter into a Business Associate Agreement (“BAA”) where required by applicable law. In such cases, the processing of PHI will be governed by the applicable BAA and any relevant contractual arrangements in addition to this Privacy Policy.
VIB3 is the holding company of its subsidiary entities and the provider of this website and Services. When we mention “VIB3,” “we,” “us,” or “our” in this Privacy Policy, we are referring to the relevant VIB3 entity providing you services and responsible for processing your personal data, which is also the data controller of your personal data.
At present, VIB3 operates through one subsidiary. Details of the relevant entity responsible for your data will be communicated to you at the point of engagement or upon request by contacting privacy@vib3.tech.
We process personal data relating to our clients, prospective clients, and their representatives, employees, contractors, and other authorised contacts. Such data may include:
We collect this information directly from our clients, from publicly available business sources, or from third parties acting on behalf of our clients.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(f) GDPR (legitimate interests in managing client relationships, providing services, and conducting business operations).
Where users access or use our AI-driven marketing platform (the “SaaS Service”), we process personal data necessary to create, administer, secure, and support user accounts and the provision of our Services. Such data may include:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(f) GDPR (legitimate interests in operating, securing, maintaining, and improving the SaaS platform).
Our Services allow users to connect third-party advertising, analytics, and revenue platforms — currently Google Ads, Google Merchant Center, Google Analytics, Meta (Facebook/Instagram) Business, TikTok for Business, RevenueCat, and AppsFlyer — via OAuth authorisation or user-provided API keys. Where a user connects such an account, we access, use, store, and share data from that platform strictly as described in the dedicated integration sections under “Data Sharing, Sub-processors, and Third-Party Integrations” below, which set out, for each integration, the specific scopes or permissions requested, the data accessed, how it is used, what is stored, with whom it is shared, and applicable retention periods.
Where individuals are the subject of a client’s advertising campaigns, audience segmentation, or platform activity accessed through these integrations, VIB3 processes such data as a data processor on the client’s documented instructions, in accordance with Art. 28 GDPR and the applicable Data Processing Agreement (“DPA”). Individuals whose personal data is processed in this context should consult the privacy notice of the relevant client acting as data controller for information regarding the purposes and legal bases of such processing.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(f) GDPR (legitimate interests); or any other legal basis relied upon by the relevant client acting as controller.
When you visit our website, we automatically collect certain information through cookies, server logs, and similar technologies. This information may include:
Where required by law, non-essential cookies and similar technologies will only be used with your consent. For further information about the cookies and tracking technologies we use, please refer to our Cookie Notice.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests in ensuring the security and functionality of our website); Art. 6(1)(a) GDPR (consent for non-essential cookies and similar technologies where required by law).
We process personal data for the following purposes:
We process personal data only where we have a valid legal basis under applicable data protection laws. Depending on the circumstances, we may rely on one or more of the following legal bases:
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal.
We may share personal data with selected third parties where necessary for the purposes described in this Privacy Policy and in accordance with applicable data protection laws. We do not sell personal data to third parties.
We share personal data — including, where applicable, connected-platform data obtained from Google, Meta, TikTok, RevenueCat, and AppsFlyer APIs — only with the sub-processors listed below, only to the extent needed for them to perform services on our behalf, and only under contractual obligations of confidentiality and data protection.
| Sub-processor | Function | Data processed |
|---|---|---|
| Supabase | Managed database and storage | Connected-account identifiers, OAuth tokens, and stored campaign/insight data persisted on behalf of users |
| Amazon Web Services (AWS) Bedrock — Anthropic Claude models | AI-driven marketing analysis | Data submitted via user-initiated requests, used to generate insights, reports, and recommendations. Under Amazon Bedrock’s terms, customer inputs and outputs are not used to train the underlying foundation models. |
The following providers do not receive connected-platform data: Google Analytics (website analytics only); Google Cloud Platform (general website/infrastructure hosting); and Google Ads, Facebook, and TikTok where used solely for VIB3’s own marketing of the Site to visitors. These services have their own privacy terms and may use cookies and similar technologies for analytics and advertising; we do not control third parties’ tracking technologies, and we encourage you to review their privacy disclosures.
When you connect your Google account to VIB3, we access, use, store, and share Google user data only as described in this section. VIB3’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Scopes we request and why:
https://www.googleapis.com/auth/adwords — to connect the user’s Google Ads account to VIB3 so we can retrieve campaign and account performance data and generate AI-driven marketing insights and recommendations for the user.https://www.googleapis.com/auth/content — to connect the user’s Google Merchant Center account to VIB3 so we can retrieve product feed, inventory, and Shopping performance data for use in AI-driven marketing analysis and optimization features.https://www.googleapis.com/auth/analytics.readonly — to connect the user’s Google Analytics account to VIB3 so we can retrieve site and app analytics insights (read-only) for use in AI-driven marketing analysis. This scope grants read-only access and cannot be used to modify Analytics configurations.What data we access: Google Ads campaign and account performance data; Google Merchant Center product feed, inventory, and Shopping performance data; and Google Analytics site/app analytics insights.
How we use Google user data: solely to provide and improve the user-facing features described above. We do not use this data to:
What we store: only campaign-level insights are persisted in our database. Campaign metadata and creative assets are retrieved live from the Google APIs on demand and are not stored at rest. OAuth access and refresh tokens are retained only while the integration is connected.
Sharing of Google user data: shared only with the sub-processors listed above under “Sub-processors With Access to Connected-Platform Data,” and only to the extent required to operate the features described in this section. It is not shared with advertising, analytics, or marketing providers.
Retention and deletion:
Users may disconnect their Google account at any time from within VIB3, or by revoking VIB3’s access at https://myaccount.google.com/permissions. Revocation automatically triggers the deletion timeline above.
When you connect your Meta Business account to VIB3, we access, use, store, and share Meta platform data only as described in this section. VIB3’s use of information obtained through the Meta Marketing API, Graph API, and related developer platforms adheres to the Meta Platform Terms and the Meta Developer Policies.
Permissions we request and why:
ads_read — to retrieve ad account, campaign, ad set, ad, and insights data for AI-driven analysis and reporting.ads_management — to create, edit, pause, and otherwise manage campaigns, ad sets, and ads in the user’s advertiser accounts as part of AI-driven optimization features.business_management — to access the user’s Meta Business Manager so we can identify the correct ad accounts, pages, and assets to include in the integration.catalog_management — to access product catalogs linked to the Business Manager for Shopping/Advantage+ catalog campaign analysis and recommendations.pages_show_list, pages_read_engagement, pages_manage_ads — to access the user’s Facebook Pages linked to their ad accounts for Page-level ad management and reporting.What data we access: ad account, campaign, ad set, and ad metadata; ad performance insights; Meta Pixel insights; Business Manager structure; product catalog data; and Facebook Page data connected to the user’s ad accounts.
How we use Meta platform data: solely to provide and improve the user-facing features described above. We do not use this data to:
What we store: only campaign-level insights and Meta Pixel insights are persisted in our database. Campaign metadata, Business Manager structure, catalog contents, and creative assets are retrieved live from the Meta APIs on demand and are not stored at rest. OAuth access and refresh tokens are retained only while the integration is connected.
Sharing of Meta platform data: shared only with the sub-processors listed above under “Sub-processors With Access to Connected-Platform Data,” and only to the extent required to operate the features described in this section.
Retention and deletion:
Users may revoke VIB3’s access at any time from within VIB3 or from their Meta Business Settings at https://business.facebook.com/settings/apps.
When you connect your TikTok for Business account to VIB3, we access, use, store, and share TikTok platform data only as described in this section. VIB3’s use of information obtained through the TikTok Marketing API adheres to the TikTok for Business API Terms of Service and related developer policies.
Scopes we request and why:
What data we access: advertiser account, campaign, ad group, and ad metadata; ad performance reports; TikTok Pixel / Events API insights; Business Center structure; and creative asset metadata linked to advertiser accounts.
How we use TikTok platform data: solely to provide and improve the user-facing features described above. We do not use this data to:
What we store: only campaign-level insights and TikTok Pixel (Events API) insights are persisted in our database. Campaign metadata, Business Center structure, and creative assets are retrieved live from the TikTok APIs on demand and are not stored at rest. OAuth access and refresh tokens are retained only while the integration is connected.
Sharing of TikTok platform data: shared only with the sub-processors listed above under “Sub-processors With Access to Connected-Platform Data,” and only to the extent required to operate the features described in this section.
Retention and deletion:
Users may revoke VIB3’s access at any time from within VIB3 or from their TikTok Business Center settings.
VIB3 also supports connecting third-party analytics and revenue platforms via user-provided secret API keys (also referred to by some providers as “Secret API Key,” “API Token,” or “Server Key”). Unlike the OAuth-based integrations described above, access is established when you, the user, voluntarily generate a secret API key in the relevant third-party platform and provide it to VIB3.
These keys are server-side credentials that typically grant broad, account-level read access to the data of the third-party project they belong to. Because of this elevated privilege, we treat them as sensitive credentials and apply the security measures described below. You can revoke access at any time by rotating or deleting the key in the third-party platform or by removing the integration in VIB3.
Supported integrations:
Storage and handling of secret keys: secret API keys you provide are stored encrypted at rest in our database (Supabase) and transmitted only over encrypted (TLS) connections. They are used solely to fetch data from the corresponding third-party service on your behalf. We do not share secret API keys with any third party, do not log them in plaintext, and do not display them back to you in full after entry.
How we use this data: solely to provide and improve the AI-driven analytics, reporting, and optimization features you choose to use. We do not use this data to:
What we store: only aggregated and campaign/cohort-level insights derived from these platforms are persisted in our database. Raw event-level data and end-user personally identifiable information are not stored at rest.
Sharing: data fetched from these integrations is shared only with the sub-processors listed above (Supabase and AWS Bedrock / Anthropic Claude), and only to the extent required to operate the features above.
Retention and deletion:
Because these integrations rely on credentials you control, you may also revoke VIB3’s access at any time directly from your RevenueCat or AppsFlyer dashboard by rotating or deleting the secret API key, regardless of any action taken in VIB3.
We use cookies and similar tracking technologies on our website to enable core functionality, analyse usage, and — where you consent — serve relevant advertising. For full details of the cookies we use, your consent choices, and how to withdraw consent at any time, please see our Cookie Notice.
In the course of providing our Services, we may transfer or make personal data accessible to recipients located outside the European Economic Area (“EEA”). Where personal data is transferred to countries that do not benefit from an adequacy decision issued by the European Commission, we implement appropriate safeguards in accordance with Chapter V of the GDPR to ensure that personal data remains protected.
Such safeguards may include the use of the European Commission’s Standard Contractual Clauses (“SCCs”), reliance on an applicable adequacy decision, or other transfer mechanisms recognised under applicable data protection laws.
You may contact us at privacy@vib3.tech if you would like further information regarding the safeguards applied to international transfers of your personal data.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including the provision of our Services, management of our business relationships, compliance with legal and regulatory obligations, and the establishment, exercise, or defence of legal claims.
The retention period applicable to personal data depends on the nature of the data, the purpose for which it is processed, and the legal or regulatory requirements applicable to us. For example, certain records may be retained for longer periods where required by applicable tax, accounting, or other legal obligations.
Connected-platform data (Google, Meta, TikTok, RevenueCat, AppsFlyer) is retained in accordance with the integration-specific sections under “Data Sharing” above: OAuth tokens and API keys are deleted immediately upon disconnection, and stored insights are deleted within 90 days after the user deletes the integration.
Where personal data is no longer required for the purposes for which it was collected, we will securely delete, anonymise, or otherwise dispose of it. You may contact us at privacy@vib3.tech at any time to request further information regarding the retention periods applicable to your personal data.
Subject to applicable data protection laws, you may have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Access (Art. 15) | You may request confirmation as to whether we process your personal data and, where we do, obtain access to such data and information about how it is processed. |
| Rectification (Art. 16) | You may request that inaccurate or incomplete personal data relating to you be corrected or updated. |
| Erasure (Art. 17) | In certain circumstances, you may request the deletion of your personal data where there is no longer a lawful basis for its continued processing. |
| Restriction (Art. 18) | You may request that we restrict the processing of your personal data in certain circumstances, for example while a request for rectification is being considered. |
| Data Portability (Art. 20) | Where processing is based on consent or a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, have it transmitted to another controller. |
| Object (Art. 21) | You may object to processing based on our legitimate interests. You also have the right to object at any time to the processing of your personal data for direct marketing purposes. |
| Withdraw Consent | Where we rely on your consent as the legal basis for processing, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. |
To exercise any of the above rights, please contact us at privacy@vib3.tech. We will respond to your request in accordance with applicable law and, in most cases, within one month of receiving your request.
For requests specific to connected-platform data, please use a subject line identifying the platform (e.g. “Google Data Request,” “Meta Data Request,” “TikTok Data Request,” “RevenueCat Data Request,” or “AppsFlyer Data Request”).
You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data infringes applicable data protection laws.
We may use artificial intelligence (“AI”), machine learning technologies, and other automated systems in connection with the provision, operation, support, and improvement of our Services and business activities. This includes our AI-driven marketing analysis features, which process data retrieved from connected third-party integrations (see “Data Sharing, Sub-processors, and Third-Party Integrations”) to generate insights, recommendations, reports, and — where authorised by the user — automated actions on connected advertiser accounts.
In connection with the use of AI and automated systems, we may process personal data submitted to us by clients, users, business contacts, or other authorised persons. Such processing will be carried out in accordance with this Privacy Policy, our contractual obligations, and applicable data protection laws.
We may use AI and automated systems for purposes including:
Where required by applicable law, we will implement appropriate safeguards in relation to the use of AI and automated processing. We do not use AI systems to make solely automated decisions that produce legal effects concerning individuals or similarly significantly affect them without appropriate safeguards and, where required, meaningful human review.
You may have certain rights in relation to automated processing under applicable data protection laws, including the right to request human intervention, express your point of view, and contest certain decisions where such rights apply. For further information, please contact us at privacy@vib3.tech.
We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. Such measures may include encryption, access controls, authentication mechanisms, secure hosting environments, staff training, internal policies and procedures, and incident management processes. We regularly review and update our security measures to help ensure a level of security appropriate to the risks associated with the processing of personal data.
OAuth tokens and secret API keys for connected integrations are stored encrypted at rest and transmitted only over encrypted (TLS) connections, as described under “Data Sharing.”
While no method of transmission over the internet or electronic storage system can be guaranteed to be completely secure, we take reasonable steps to safeguard personal data in accordance with applicable data protection laws.
Our Site may contain links to third-party websites that are not operated by us. We are not responsible for the privacy practices or content of such sites. We encourage you to review their privacy policies.
We may update this Policy from time to time. The revised version will be published with an updated effective date. Where changes are material, we will notify you directly or via a prominent notice on our website.
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at privacy@vib3.tech.
Version 2.0 — 19 June 2026
Questions about this document? Contact us at privacy@vib3.tech.
We'll show you how the MCP works with your infrastructure — AWS Bedrock, Azure AI Foundry or Vertex AI. The demo takes 30 minutes.
Login →