Privacy Policy

This Privacy Policy explains how Digital Rebel BV ("we", "us", "our"), registered in the Netherlands, collects, uses, stores, and shares your personal data when you use the Team Vibrations platform (the "Service"). We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.

By using Team Vibrations you agree to the collection and use of information as described below. If you do not agree, please do not use the Service.

1. Who we are and how to contact us

Data controller: Digital Rebel BV
Email: info@digitalrebel.eu
Country: Netherlands

For privacy-related questions or requests, contact us at the email address above. We will respond within 30 days.

2. Information we collect

2.1 Account information

When you create an account we collect your email address, display name, and (if you sign in via a third-party provider such as GitHub or Google) your profile picture and public username. This data is required to provide the Service.

2.2 Profile information

You may optionally add a bio, handle, location, website URL, skills, and a profile photo. This information is publicly visible on your profile page.

2.3 Content you create

We store content you actively submit: crew messages, tasks, documents, marketplace listings, session announcements, comments, and team applications. Content inside private crews is only visible to crew members.

2.4 Usage and technical data

We automatically collect limited technical data necessary to operate the Service: IP address (for security and abuse prevention), browser type and version, pages visited, timestamps, and error logs. We do not build behavioural advertising profiles.

2.5 Cookies

We use strictly necessary session cookies to keep you signed in. We do not use third-party advertising cookies. Our hosting infrastructure (Supabase) may set functional cookies required for authentication.

3. Legal basis for processing

Under GDPR we process your data on the following legal bases:

• Contract performance — to provide the features you signed up for (account, crews, messages, marketplace).
• Legitimate interests — to detect abuse, prevent fraud, and improve the Service.
• Legal obligation — where required by EU or Dutch law.
• Consent — for optional communications such as newsletters (you may withdraw consent at any time).

4. How we use your information

• Create and manage your account
• Enable collaboration features (crews, chat, tasks, sessions)
• Show your public profile to other users
• Send transactional emails (invite links, password reset, notifications you enable)
• Enforce our Terms of Service and Community Guidelines
• Detect and prevent security incidents and abuse
• Improve, debug, and develop new features

We do not sell your personal data to third parties. We do not use your data to serve you third-party advertising.

5. Data sharing and sub-processors

We share data only where necessary to operate the Service:

• Supabase Inc. — database and authentication infrastructure (servers located in EU/US regions). Data is processed under a Data Processing Agreement compliant with GDPR.
• Vercel Inc. / hosting provider — web hosting and edge functions. Processes request metadata (IP, headers) to serve pages.
• Resend / email provider — transactional email delivery (invite links, notifications). Receives recipient email address and message content.

We require all sub-processors to implement appropriate technical and organisational security measures. We do not share your data with any other third parties unless compelled by law.

6. International transfers

Some sub-processors may process data outside the European Economic Area (EEA). Where this occurs we rely on European Commission Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework to ensure an adequate level of protection.

7. How long we keep your data

• Account data — retained for as long as your account is active. When you delete your account, your personal data is deleted or anonymised within 30 days except where we are required to retain it by law.
• Crew content — retained until you or a crew owner deletes it.
• Security and audit logs — retained for up to 90 days.
• Legal holds — data subject to a legal obligation or dispute may be retained longer.

8. Your rights under GDPR

If you are based in the EEA you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data ("right to be forgotten"), subject to legal obligations.
• Restriction — ask us to stop processing your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing relies on consent, withdraw it at any time.

To exercise any of these rights, email info@digitalrebel.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

9. Security

We implement technical and organisational measures including TLS encryption in transit, encrypted storage at rest, access controls, and regular security reviews. No system is 100% secure; if you discover a vulnerability please disclose it responsibly to info@digitalrebel.eu.

10. Children

Team Vibrations is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have done so in error, contact us immediately and we will delete the data.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by a notice on the platform at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

Digital Rebel BV
info@digitalrebel.eu