VibeResearch

Privacy Policy

Effective date: 15 June 2026

Important notice

VibeResearch is not a medical device and does not provide medical diagnosis or treatment decisions. Outputs should be reviewed by qualified professionals.

1. Operator and contact

VibeResearch (“we,” “our,” or “us”) is developed and operated by Lamedtech.

Contact: support@viberesearchers.com

2. What data we collect

Account data

When you register, we collect your email address and a hashed password. These are stored and managed by Supabase (our authentication provider). We also maintain a profile record containing your plan tier, subscription status, AI credit usage counters, and add-on entitlement flags.

Uploaded research datasets

Files you upload for analysis (CSV, Excel, SPSS, Stata, SAS, JSON — depending on your plan) are transmitted to and stored on VibeResearch backend systems. Files are stored in Google Cloud Storage and associated exclusively with your account.

Dataset metadata

When a file is uploaded or a prepared dataset is saved, we store a registry record in our database containing: filename, file format, row count, column count, file size, column names and data types, upload timestamp, dataset origin (uploaded or derived), and a deleted flag for soft-deletion.

Usage and AI logs

Every AI feature call is logged to an ai_usage_log table containing: your user ID, endpoint name, action type, AI model name, estimated token counts, credits charged, your plan tier, and a timestamp. This log is used for abuse prevention, quota management, and internal auditing.

Payment data

Payment processing is handled entirely by Stripe. We do not receive or store payment card numbers, CVV codes, or bank account details. We store only the outcome of payment events: your subscription status, plan tier, billing interval, and subscription period end date.

Feedback and inquiry data

When you submit a feedback or inquiry form, we collect the information you provide: your message, email address, and optionally your user role, research field, requested features, urgency level, and willingness-to-pay indication. This information is used to respond to your inquiry and to improve our services.

Workflow logs and exported scripts

Workflow logs and exported R/analysis scripts may include column names and analysis settings from your dataset. They do not include raw dataset rows or individual cell values.

Saved analysis results

When you choose to save analysis results to the Results Library, the relevant output data (model metrics, table values, figure metadata, analysis settings, and display labels) is stored in the Supabase database associated with your account. Raw dataset row values are not stored as part of saved results; only aggregated statistics and metadata necessary for display are retained.

Learning progress

The Learn page tracks which lessons you have read in your browser's localStorage (key vr_read_articles). This data is stored locally in your browser only and is not sent to our servers.

Browser and workspace state

Certain convenience data is stored locally in your browser (see Section 6 — Cookies and Local Storage).

3. How your uploaded data is used

Statistical analysis

When you run a statistical analysis, your uploaded dataset file is read by VibeResearch's backend processing systems (running on Google Cloud Run). The analysis is computed server-side using standard scientific libraries (Python, pandas, scipy, lifelines). Results are returned to your browser. Results are not automatically stored — they are only saved to the Results Library if you explicitly choose to save them (see Section 2 — Saved analysis results).

AI research assistant (chat)

When you use the AI research assistant, we send the following to our AI inference provider (Groq):

  • Your text message
  • A limited portion of your recent conversation history (up to 6 prior messages)
  • A compact dataset summary: filename, total row count, column count, and up to 15 column names with their data types

Raw dataset rows, individual data values, patient records, measurements, or cell contents are not sent to Groq or any other external AI provider.

VibeResearch Guide (AI support chat)

VibeResearch Guide is a site-wide floating AI chat assistant that answers questions about plans, features, navigation, and billing. When you type a free-text question, we send the following to our AI provider (Groq):

  • The page you are currently viewing (e.g., “pricing”, “analyze”)
  • Your plan tier label (e.g., “Researcher”) — display name only, no account data
  • The filename and row/column count of your active dataset, if you are on the Analyze page — no raw data values
  • Your text message (up to 1,000 characters)

Guide messages are not stored in the Supabase database. Only usage metadata (token counts, timestamps, and model name) is written to an internal audit log.

Guide AI is disabled for unauthenticated users — they see static chip-based chat suggestions only. Requests containing injection patterns (such as "ignore previous instructions" or requests for API keys) are blocked before the AI call. AI output is scanned for sensitive tokens before being returned to you.

AI report text (Results / Methods paragraphs)

When you request an AI-generated Results or Methods paragraph, we send the following to Groq: the analysis type name (e.g., “regression”), aggregated statistical results (such as p-values, coefficients, confidence intervals, and sample size — not raw data rows), and the requested output mode. Raw dataset values are not included.

ML prediction, SHAP, and time series analysis

When you use the ML Prediction feature, SHAP analysis, time series analysis, or Trend Report Builder, your dataset file is read by the backend systems to compute model outputs, performance metrics, SHAP values, feature importance, and model comparison statistics. All processing is performed server-side. Raw row data is not transmitted to any external AI provider during ML processing. If you choose to save results, only aggregated metrics and metadata are stored (see Section 2 — Saved analysis results).

External data import (FRED, URL)

When you use the External Data Import feature, VibeResearch's backend makes server-side requests to external sources on your behalf:

  • FRED series import: The series ID and date range you enter are sent to api.stlouisfed.org (the Federal Reserve Bank API). No personal data, dataset contents, or account information is transmitted to FRED. The returned time series data is stored as a new dataset in your account under the same rules as uploaded data.
  • URL import: VibeResearch's backend downloads the file from the URL you provide, using the User-Agent VibeResearch/1.0. No personal data is transmitted to the target URL. The downloaded file is stored as a new dataset in your account. The source site may log the IP address of VibeResearch's backend server.

We do not sell or share your data

We do not sell, rent, or share your datasets, metadata, or account information with any third party for commercial or marketing purposes. We do not use your uploaded datasets or research outputs to train AI models.

4. Data storage and security

Storage locations

  • Uploaded files: Google Cloud Storage, private bucket. Region: asia-southeast1 (Singapore).
  • Account data, dataset metadata, usage logs: Supabase (PostgreSQL). Region: ap-southeast-1 (Singapore).
  • Payment records: Stripe's infrastructure. We store only plan/subscription status.

Security measures in place

  • All data in transit is transmitted over HTTPS/TLS.
  • Every API request requires a valid authentication token, verified against Supabase Auth on each call.
  • File access endpoints verify that the requesting user owns the file before serving it.
  • Database row-level security (RLS) policies restrict read access to each user's own records.
  • Feature access (analyses, AI credits, uploads) is enforced server-side — not solely on the frontend.
  • Uploaded files are stored in a private Google Cloud Storage bucket not accessible via public URL.
  • AI usage is rate-limited per user to prevent abuse.
  • Payment card data is handled exclusively by Stripe and never passes through VibeResearch servers.

What we do not claim

We do not claim HIPAA compliance, GDPR certification, ISO 27001, SOC 2, or any other formal security certification. If you are subject to regulatory requirements governing the handling of patient health data or protected personal information, you must review your institutional data governance and data processing policies before uploading data to VibeResearch.

Users are responsible for ensuring that any data they upload has been appropriately de-identified, that they hold the necessary consent and institutional approvals, and that uploading and processing the data on a cloud-hosted platform is permitted under their applicable obligations.

5. Data retention and deletion

Active accounts

Uploaded datasets and associated metadata are retained in your account as long as your account remains active. You can delete individual datasets at any time within the platform. In-app deletion removes the dataset from your workspace and marks it as deleted in our database. Underlying files and any backup or residual copies may remain temporarily during routine storage cleanup and backup retention cycles.

Account and full data deletion

To request deletion of your account and all associated data (uploaded datasets, analysis logs, account information), email support@viberesearchers.com with the subject line “Data Deletion Request” from your registered email address. We aim to process deletion requests within 14 business days. Backup or residual copies may remain for up to 90 days before permanent removal.

AI usage logs

AI usage logs (token counts, credits charged, model names) may be retained for internal auditing purposes for up to 12 months after account deletion.

6. Cookies and local storage

Authentication and session storage

VibeResearch uses Supabase for authentication. Supabase stores your authentication session (access token and refresh token) in your browser's localStorage. This is required for you to remain logged in between page loads. This information stays in your browser and is not shared with third parties other than being used to authenticate your API requests.

Workspace and application state

The application may store the following in your browser's localStorage for convenience and continuity across sessions:

  • Your most recently active dataset summary (filename, column list, format)
  • Queued data preparation transforms for the current session
  • AI chat conversation history for the active session
  • UI preferences (such as open/collapsed panel state)

This data is stored locally in your browser only. It is not sent to our servers independently and can be cleared by clearing your browser's local storage or by logging out.

Analytics and advertising cookies

We do not currently use third-party analytics cookies (such as Google Analytics) or advertising tracking cookies. No advertising networks or marketing platforms currently receive data through cookie tracking from VibeResearch.

If analytics or marketing tools are added in the future, this section will be updated and users will be notified of the change.

Third-party infrastructure cookies

Our infrastructure providers (Vercel for frontend hosting, Supabase for authentication) may set their own technical cookies or storage as part of normal platform operation. These are functional and not used for advertising.

7. Your rights

You may contact us at any time to:

  • Request a copy of the personal data we hold about you.
  • Request correction of inaccurate account information.
  • Request deletion of your account and associated data.
  • Ask questions about how your data is used.

To exercise any of these rights, email support@viberesearchers.com with the relevant subject line. We will respond within 14 business days.

Depending on your jurisdiction, you may have additional rights under applicable data protection laws. We make no specific representation as to which regulatory frameworks apply to VibeResearch at this time.

8. Third-party service providers

We use the following third-party providers to operate the platform. Each provider processes data under their own terms and privacy policies:

  • Supabase — authentication, user profiles, dataset metadata, saved results, and usage logs. Region: ap-southeast-1 (Singapore).
  • Google Cloud Storage — storage for uploaded dataset files and metadata files. Region: asia-southeast1 (Singapore).
  • Google Cloud Run — backend API execution environment.
  • Vercel — frontend hosting and CDN.
  • Stripe — payment processing, subscription management, and payment webhooks. Payment card data is handled exclusively by Stripe.
  • Groq — AI inference provider for research assistant chat, report-text generation, and VibeResearch Guide (AI support chat). Receives compact dataset summaries, aggregated statistical results, and safe session metadata only. Raw dataset row values are not transmitted to Groq.
  • Federal Reserve Bank of St. Louis (FRED API) — when you use the FRED import feature, your series ID is sent to api.stlouisfed.org. No personal data is transmitted. Data is retrieved subject to FRED's terms of use.
  • External newsfeed sources (BMJ, The Lancet, Cochrane, EQUATOR, and others) — the Research & Statistics newsfeed includes links to externally hosted content. When you click an external link, your browser connects directly to that website under its own privacy policy. VibeResearch does not transmit any user data to these external sources.

9. Children and age requirement

VibeResearch is not intended for use by individuals under the age of 18, or below the age of majority in their jurisdiction if that age is higher. We do not knowingly collect personal data from minors. If you believe a minor has registered an account, please contact us at support@viberesearchers.com and we will remove the account.

10. Changes to this policy

We may update this Privacy Policy as the service evolves. Material changes will be communicated by email to registered users or via an in-app notice prior to the change taking effect. Continued use of the service after notice of a material change constitutes acceptance of the updated policy. The effective date at the top of this page reflects the date of the most recent revision.

11. Contact

For privacy questions, data requests, or concerns: support@viberesearchers.com