Privacy Policy

At a glance

We collect only what we need to run the site, respond to you, deliver programs, and meet legal duties. You can ask what we hold, fix mistakes, delete certain data, or object to some uses—subject to exceptions like billing records we must keep for tax law.

No data brokering

We do not sell lists of names and emails to random advertisers. Paid tools (e.g., email or analytics) process data under contract for our purposes only.

Security in layers

HTTPS, access controls, and careful vendor selection reduce risk. If something goes wrong, we follow a response plan and notify where the law requires.

Cross-border reality

We operate from the United States. Visitors from the EU, UK, or elsewhere should read the transfers section for safeguards we use when data leaves your region.

How to use this page

Skim the summary and table of contents, then jump to the sections that match your situation—online shopper, newsletter reader, coaching client, or curious visitor. The full detail is here on purpose so nothing important hides in fine print.

Data controller and representative

The organization responsible for personal data processing is Vibeyoung, located at 11210 Memorial Pkwy SW, Huntsville, AL 35803, United States. For privacy-related inquiries or requests, contact us at touch@vibeyoung.world or by mail at the address above. If you are in the European Economic Area and we appoint a representative under Article 27 GDPR, their details will be posted here and referenced in this section.

Phone: +1 256-650-4620 (business hours, US Central time where applicable).

Definitions we use

To keep this policy readable, we use a few terms consistently:

Personal data means information that identifies or could reasonably identify a person, alone or combined with other data we hold.
Processing means anything we do with that data: collect, store, organize, analyze, share, or delete it.
Controller means the organization that decides why and how data is processed—for most activities on this site, that is Vibeyoung.
Processor means a vendor that processes data strictly on our instructions, such as an email delivery provider.

These definitions are practical summaries, not statutory quotes. If a law in your country defines a term differently, the statutory meaning controls for that law.

Scope of this policy

This policy applies to processing activities connected to our website, email correspondence, online forms, optional newsletters, digital products, and remote or in-person coaching that we deliver directly. It does not govern third-party websites or platforms that we link to; those services have their own policies.

We do not sell your personal data in the traditional sense of exchanging lists for money. Where privacy laws require an opt-out from “sale” or “sharing” as defined locally, we describe the mechanism in the rights section and in cookie controls where relevant.

Inside this policy

Our site at vibeyoung.world
Email and forms that reach our team
Programs you buy directly from us

Outside this policy

Social platforms’ own analytics
Payment processors’ privacy notices
Sites we link to for reference

Categories of personal data

Depending on how you interact with us, we may process the following categories of information:

Identity and contact

Name, email address, phone number if you provide it, postal address when needed for billing or correspondence.

Account and transaction

Purchase history, payment references, invoices, and service preferences. We typically do not store full payment card numbers; payment processors handle card data.

Communications

Content of messages you send through forms or email, and notes we create to deliver follow-up.

Technical and usage

IP address, approximate location derived from IP, browser type, device type, operating system, referrer, pages viewed, and time spent. Some of this data is collected via cookies and similar technologies.

Sources of data

We obtain data directly from you when you fill out forms, create an account, purchase services, or communicate with us. We may also receive technical data automatically when you load pages. In limited cases, we may receive referrals from partners or updated contact information from payment providers, but we verify relevance before use.

Purposes of processing

Providing the website, processing inquiries, and delivering educational programs and consulting you request.
Managing contracts, billing, accounting, and customer support.
Improving content and user experience through aggregated analytics and, where consented, marketing measurement.
Complying with legal obligations, responding to lawful requests, and enforcing our Terms of Use.
Protecting security, detecting fraud, and maintaining system integrity.

Legal bases (GDPR and similar frameworks)

Where GDPR applies, we rely on one or more of the following legal bases: performance of a contract (Article 6(1)(b)), legitimate interests (Article 6(1)(f)) such as operating a secure website and understanding aggregate usage, compliance with legal obligations (Article 6(1)(c)), and consent (Article 6(1)(a)) for optional cookies and certain marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

When we rely on legitimate interests, we balance our interests against your rights and offer you the right to object where required by law.

Cookies and similar technologies

We use cookies, local storage, and similar tools as described in our Cookie Policy. Consent for non-essential categories is managed through the cookie banner and settings. You can also adjust or delete cookies through your browser. Blocking strictly necessary cookies may prevent parts of the site from functioning.

We share personal data with service providers who assist us with hosting, email delivery, analytics (when you consent), payment processing, customer relationship management, and security monitoring. These providers process data only on our instructions and under contracts that require appropriate safeguards.

We may disclose information if required by law, court order, or regulatory authority, or to protect our rights, property, or safety and that of our users.

We do not sell personal data to data brokers. If we ever participate in a merger or asset sale, we will notify you as required by law.

International transfers

Our operations are based in the United States. If you access the site from outside the United States, your data may be processed in the United States or other countries where our providers operate. When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms, supplemented by technical and organizational measures where appropriate.

Retention periods

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law.

1

Contact and support records

Typically up to twenty-four months after the last meaningful interaction unless a longer retention is justified by a dispute or legal hold.

2

Contracts and accounting

For the duration of the relationship plus the period required by tax and commercial law.

3

Technical logs

Often shorter retention, rotated on a schedule aligned with security monitoring needs.

Security measures

We implement administrative, technical, and physical safeguards appropriate to the nature of the data and the risks involved. Examples include HTTPS transmission, access controls, least-privilege access for staff, backups, and vendor due diligence. No system is perfectly secure; we respond to incidents in line with applicable law and notify affected individuals where required.

Access

Accounts and admin tools are protected with strong passwords and, where available, multi-factor authentication. Access is reviewed when roles change.

Storage

Data resides with reputable hosts and SaaS providers in controlled environments. We minimize retention and delete or anonymize when no longer needed.

People

Staff and contractors with access to personal data are bound by confidentiality and trained on phishing and device security basics.

Vendors

We assess subprocessors for security posture and contract terms—not just price—before they touch production data.

Your rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict processing, object to processing, data portability, and to withdraw consent. You may lodge a complaint with a supervisory authority. To exercise rights, email us with a description of your request. We may need to verify your identity before responding.

Residents of certain U.S. states may have additional rights under state privacy laws; we will honor applicable requests after verification.

Verification

To protect against impersonation, we may ask you to confirm control of your email address, provide an order number, or answer a security question we already know the answer to. We will not ask for passwords you use on other websites.

Sensitive categories

We do not set out to collect health data classified as “special category” under GDPR or “sensitive” under some U.S. state laws. Coaching conversations may touch on sleep, stress, or routines in general terms. If you voluntarily share clinical details, we treat that information with extra care, limit access, and retain it only as long as needed to provide the service you requested or as law requires.

If you are unsure whether something should be shared in writing, you can keep descriptions high-level in email and reserve specifics for a live session where you have agreed to terms in advance.

Personal data breaches

If we become aware of a breach that affects your personal data, we assess severity, contain the issue, and document what happened. Where the law requires, we notify regulators and affected individuals within the prescribed timeframe, describing likely impact and steps we are taking. We also cooperate with lawful investigations.

U.S. state privacy highlights

State laws evolve quickly. Depending on where you live, you may have rights to know what personal information we collect, to delete certain information, to correct inaccuracies, to opt out of sale or targeted advertising, or to limit use of sensitive information. We honor these rights when they apply to our processing and after reasonable verification.

You may designate an authorized agent in some states if you provide signed permission and we can verify the agent’s authority. We do not discriminate against you for exercising privacy rights.

Automated decision-making and profiling

We do not use automated decision-making that produces legal or similarly significant effects solely based on automated processing. If we introduce profiling for marketing purposes, we will update this policy and provide opt-out mechanisms where required.

Children

The site is not directed at children under sixteen, and we do not knowingly collect personal data from children. If you believe we have received such data, contact us and we will delete it promptly.

Marketing communications

We send promotional emails only if you have opted in or if the law allows soft opt-in. Every marketing email includes an unsubscribe link. You can also adjust preferences by contacting us.

Changes to this policy

We may update this policy to reflect changes in law, practices, or services. We will post the revised version on this page and update the “last reviewed” date. If changes are material, we will provide additional notice where appropriate.

Minor edits

Clarifications, formatting, and non-substantive wording changes may appear without a separate email.

Material updates

New categories of data, new sharing partners, or new purposes may trigger an email, banner, or re-consent where the law requires.

Questions

For privacy questions or requests, email touch@vibeyoung.world or write to the postal address listed in the controller section.

Related documents: Cookie Policy, Terms of Use.