Privacy Policy

Last updated: September 30, 2025

Introduction

Aha Studio Inc. ("we", "us", or "our") operates the VibeHub platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Personal Information

We collect the following personal information from you:

  • Email Address: Used for account creation, authentication, and communication
  • User ID: A unique identifier assigned to your account for system operations

1.2 Project Data

When you use our deployment and security testing services, we collect:

  • Source Code: Your application source code uploaded for deployment or security analysis
  • Configuration Data: Environment variables, deployment settings, and project metadata
  • Security Test Results: Findings and reports from security scans performed on your applications

1.3 Usage Information

We automatically collect certain information about your device and how you interact with the Service, including IP addresses, browser type, operating system, access times, and pages viewed.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Deploy and host your applications
  • Perform security testing and analysis on your projects
  • Process and complete deployments and other transactions
  • Send you technical notices, updates, security alerts, and administrative messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage and trends to improve the Service
  • Detect, prevent, and address technical issues and security vulnerabilities

3. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted to and from our Service is encrypted using TLS/SSL protocols
  • Encryption at Rest: Your data is encrypted when stored in our systems
  • Credentials Protection: We do not store credentials in raw format. When necessary, credentials are encrypted using Google Cloud Key Management Service (KMS) with additional layers of encryption
  • Access Controls: We implement strict access controls to limit who can access your data
  • Regular Security Audits: Our systems undergo regular security reviews and updates

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your data.

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as cloud hosting (Google Cloud Platform), authentication services, and analytics providers. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 No Sale of Data

We do not sell, rent, or trade your personal information or source code to third parties for marketing purposes.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. When you delete your account, we will delete or anonymize your personal information and User Content within a reasonable timeframe, except where we are required to retain it for legal, accounting, or security purposes.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Export: Request a copy of your data in a portable format
  • Objection: Object to our processing of your personal information

To exercise these rights, please contact us through the contact information provided below.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those of your country. We ensure that such transfers comply with applicable data protection laws and that your information receives adequate protection.

8. Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Third-Party Links

Our Service may contain links to third-party websites or services that are not owned or controlled by Aha Studio Inc. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: info@aha.studio

Aha Studio Inc.
Governed by the laws of Japan