Privacy Policy

Last updated: May 10, 2026

1. Introduction

VibeEchoes ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information when you use our mobile application ("App"). Privacy is not a feature of VibeEchoes — it is the foundation.

VibeEchoes is a journaling app that uses AI to discover meaningful connections ("Echoes") between your journal entries and those of other users, as well as curated content from music, film, and literature.

2. Information We Collect

We collect information to provide, improve, and secure the App.

Information You Provide Directly

Account information: When you create an account or log in, we collect your email address, password (stored securely hashed), username/display name, and any other details you provide during registration.
Journal entries: The text content of your journal entries is used to generate semantic embeddings for the resonance matching feature. All journal entries are protected by End-to-End Encryption (E2E) and stored in a format we cannot read.
Matching preferences: Your consent choices regarding anonymous matching and any actions you take within the matching system (connecting, blocking, revealing identity).
Chat messages: Content of messages you send in matched conversations. All chats are secured with End-to-End Encryption, meaning only you and your match can read them.
Echo Collections: When you save matches to curated collections (a Premium feature), we store which matches belong to which collection names. Collection data is tied to your account and deleted when you delete your account.
Other: Any feedback, support requests, or information you voluntarily provide.

Automatically Collected Information

Device and usage data: IP address, device type/model, operating system version, unique device identifiers, app version, crash logs, performance data, and general usage patterns.
Log data: Timestamps, actions within the app (e.g., writing entries, viewing matches, accessing insights).

AI-Generated Data

Semantic embeddings: We generate mathematical representations (vectors) of your journal entries for the purpose of finding resonance matches. This happens via a secure "Compute-then-Encrypt" pipeline: your plaintext is briefly in working memory to compute the embedding, and then immediately end-to-end encrypted before it is ever saved. These embeddings capture meaning but cannot be reversed into your original text.
AI-polished text: If you use the optional AI Edit feature (Premium), your journal entry text is sent to Google's Gemini model to generate a polished version. The polished text is returned to you for review — you choose whether to accept, modify, or discard it. We do not store the polished output on our servers; it exists only in your local session until you save it as part of your encrypted entry.
Sentiment and emotion data: We derive sentiment labels and emotion color mappings from your journal entry embeddings to power the Insights Map visualization. These are aggregate, non-reversible representations and cannot reconstruct your original text.

We do not collect location data. We do not collect sensitive personal information (e.g., financial details, health data) unless directly present in journal entries you choose to write.

We practice data minimization — we collect only the information strictly necessary to provide the App's core functionality and do not repurpose it beyond the stated uses.

3. How We Use Your Information

We use the collected information solely for the following purposes:

To provide core features: Account creation/login, journal entry storage, AI-powered resonance matching, anonymous communication, Echo Collections, and Insights Map visualization.
To facilitate user matching: Semantic embeddings are compared to find journal entries from other users with similar meaning. Matches are presented anonymously through our double-blind system.
To facilitate content matching: Your embeddings are also compared against our curated databases of music lyrics, film dialogue, and literary passages to surface songs, movies, and books that resonate with your thoughts. These content databases are maintained by VibeEchoes and do not involve sharing your data with music labels, film studios, or publishers.
To provide AI editing: When you invoke the AI Edit feature, your entry text is processed by Google Gemini to suggest stylistic improvements. You retain full control over whether to accept or reject any suggestion.
To improve the App: Analyze aggregated/anonymized usage patterns to enhance functionality, fix bugs, and develop new features.
To communicate with you: Send essential service notifications (e.g., password resets, security alerts) or respond to support inquiries.
To ensure security: Detect and prevent fraud, abuse, or unauthorized access.

We do not use your data for advertising, marketing, profiling, or any purpose unrelated to operating and improving the App. Your data is never sold, rented, or used for commercial purposes.

AI Transparency

VibeEchoes uses artificial intelligence for two purposes:

Semantic embeddings: Mathematical representations of meaning generated from journal entries using Google's Gemini Embedding model. These embeddings are used to find thematic similarities between your entries and those of other users, as well as curated music, film, and literary content.
Text polishing (AI Edit): An optional Premium feature that uses Google's Gemini generative model to suggest stylistic improvements to your journal entries. AI-edited text is always clearly presented as a suggestion for your review — never silently substituted.

No AI-generated content is presented as human-written, and AI is never used to make decisions that affect your rights or access to the service.

4. Anonymous Matching & Double-Blind Privacy

Our resonance matching system is designed with privacy at its core:

User-to-User Echoes

When a match is found, both users see only a short excerpt of the matched text — never a name, profile photo, or identifying information.
Identity is revealed only when both users mutually consent to connect.
You can block any match instantly at any stage.
Journal entries are compared by meaning (semantic embeddings), not by sharing raw text between users.

Content Echoes (Music, Film, Literature)

Your journal entry embeddings are compared against pre-computed embeddings of song lyrics, film dialogue, and literary passages maintained in our databases.
When a content echo is found, you see the matched passage, the title of the work, and the artist/author/director. No personal data is shared with content providers.
Outbound links to services like Spotify, Apple Music, IMDb, and Amazon are provided as a convenience so you can explore matched content. Clicking these links takes you to third-party sites governed by their own privacy policies.

5. Sharing and Disclosure of Information

We do not share your personal information with third parties except in limited circumstances:

With matched users: Only the specific text excerpts involved in a resonance match are shown to the other party, anonymously. No identifying information is shared unless both parties consent.
Service providers: We use trusted third-party providers that process data on our behalf under strict confidentiality agreements:
- Google Firebase: Authentication, Firestore database hosting, Cloud Functions, and Cloud Storage.
- Google Vertex AI / Gemini: Semantic embedding generation (gemini-embedding-2-preview) and optional AI text polishing (Gemini generative models). Journal text is transmitted securely to Google's API to compute embeddings or polish suggestions. Google's data usage policies for Vertex AI apply; data sent via the API is not used to train Google's models.
Legal requirements: If required by law, court order, or to protect our rights, users, or the public.
Business transfers: In the event of merger, acquisition, or sale of assets, your data may be transferred with notice where required.

We do not share, sell, or rent your personal data to third parties for their own purposes. All third-party service providers are contractually required to maintain the same level of data protection as described in this policy and as required by applicable law.

6. Data Storage and Security

We employ a strict "Compute-then-Encrypt" architecture, ensuring your sensitive data is never stored in plaintext by our services. All journal entries and chat messages are encrypted using End-to-End Encryption (HPKE and AES-256) before touching our databases. The private keys to unlock your data are stored securely on your local devices and synchronized natively via Apple's iCloud Keychain. They are never sent to our servers. Because of this zero-knowledge approach, neither our staff nor any third party can read your journal entries or private chats.

Your non-encrypted account data (such as login credentials) is stored securely using industry-standard encryption in transit and at rest. Data is primarily hosted in secure Google Cloud servers in the US.

We retain your data only as long as necessary for the purposes outlined or as required by law. If you delete your account, we will delete or anonymize your personal data within a reasonable timeframe (subject to any legal retention obligations).

7. Third-Party Links

The App may display outbound links to third-party services to help you explore content matched to your journal entries. These include:

Spotify, Apple Music, YouTube Music, and Amazon Music for music echoes
IMDb and Amazon for film echoes
Goodreads and Amazon for literature echoes

Tapping these links opens the respective third-party website or app. We do not control and are not responsible for the privacy practices of these services. We encourage you to review their privacy policies before interacting with them. No personal data is transmitted to these services when you tap an outbound link — only standard browser navigation occurs.

8. Your Rights and Choices

You control your data:

Access your data: You may request a copy of your personal data at any time by emailing privacy@vibeechoes.com. We will respond within 30 days.
Delete your data: You may initiate account deletion directly within the App Settings menu or by emailing privacy@vibeechoes.com.
Data removal: Upon account deletion, all personal data (including your profile, journal entries, embeddings, matches, Echo Collections, and chat history) will be permanently removed from our active databases within 30 days.
Withdraw consent: You may withdraw consent for data processing at any time by deleting your account. Upon withdrawal, all data collection will cease and your data will be deleted as described above.
Matching controls: You can opt out of matching at any time, block any matched user, and control when your identity is revealed.

9. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children. If we learn we have collected such data, we will delete it promptly.

10. International Transfers

If you are outside the US, your data may be transferred to and processed in other countries. We ensure appropriate safeguards for such transfers.

11. Changes to This Policy

We may update this policy occasionally. Changes will be posted here with an updated effective date. Significant changes will be notified in the App or via email. Continued use after changes constitutes acceptance.

12. Contact Us

For questions, requests, or concerns about this Privacy Policy or your data, contact:

VibeEchoes
privacy@vibeechoes.com

Thank you for using VibeEchoes. We value your trust and privacy.