1. Data controller
The data controller is Damian Domżalski Software Services, ul. Morska 7a/72, 84-240 Reda, Poland. Tax ID (NIP): 5882472990. Contact: [email protected]
2. What data we collect
- Photo - uploaded for AI analysis. Stored securely to display on your results card. You may request its deletion at any time. We never share or sell your photos.
- Analysis results - the generated results card (scores, text). Stored in our database.
- Session identifier - an anonymous UUID stored in a browser cookie. Not linked to your identity unless you create an account - then it is linked to your account email so you can access your scans across devices.
- IP address and location - we collect your IP address for security purposes (rate limiting) and to determine your country for currency display. We do not store precise geolocation.
- Payment data - processed by a third-party payment provider (Stripe). We never see your card number. We store the email address provided during payment.
- Email - only if you voluntarily provide it. Never required. Saving your email also creates an optional user account (passwordless login). May be used to send results, recover credits, sign you in, and send automated reminder emails (see section 4).
- Compatibility results - generated when comparing two scans, derived from existing scan results.
- Roast results - additional AI analysis stored alongside your scan.
- Fortune data - lucky number, day, and color generated from your analysis.
- Glow-Up Plan data - personalized 30-day improvement plan generated by AI based on your analysis results. Stored in our database.
- Party Mode data - group join code, group vibe analysis results (3-12 participants). Groups expire after 24 hours.
- Account data - if you save your email or sign in: your email address and one-time login links (magic links). We do not store passwords.
- Leaderboard data - if you join the leaderboard: your chosen display name, score, league, country, and chosen display mode (photo, caricature, or anonymous). These are publicly visible in the ranking.
- Referral data - your referral link and the number of completed scans by people you invited.
3. Legal basis for processing
We process your data on the following legal bases (Art. 6 GDPR):
- Performance of a contract (Art. 6(1)(b)) - photo analysis, generating and storing results, payment processing.
- Consent (Art. 6(1)(a)) - analytics cookies (Google Analytics), providing your email address.
- Legitimate interest (Art. 6(1)(f)) - ensuring service security, rate limiting, preventing abuse, error monitoring.
4. How we use data
- Your photo is sent to external AI providers to generate your analysis and caricature, then stored securely to display on your results card.
- Analysis results are stored so you can return to your results card.
- Analysis results and photos are stored indefinitely. You may request their deletion at any time by contacting us.
- Payment data is used solely to process your transaction and is retained as required by tax law.
- If you provide your email on a scan that has not been unlocked, we send a confirmation with a link to your results and may send one automated reminder (after approx. 6 hours). The purpose of these emails is to inform you about the status of your results.
- We also send other automated emails described in the terms of service: rescan reminders for paid scans (after approx. 30, 60, and 90 days), leaderboard notifications (if you join the leaderboard), and referral reward notifications. Every such email contains an unsubscribe link.
- We do not sell, trade, or share your personal data with third parties for marketing purposes.
- Free results (without payment and without providing an email) expire after 2 hours. Providing an email or making a payment prevents expiry.
- We plan to implement automatic deletion of unclaimed scan data after 12 months of inactivity. Until then, you may request deletion at any time.
5. Cookies & analytics
We use essential technical cookies:
- visitor_id - anonymous session identifier (30 days)
- locale - preferred language (1 year)
- _session - session cookie (required for functionality)
- consent_analytics - stores your analytics consent choice (1 year)
We use the analytics tools Google Analytics and PostHog (product analytics), as well as a Google Ads conversion tag. After you consent via the cookie banner, we additionally load advertising pixels (Meta Pixel, TikTok Pixel, Reddit Pixel, X Pixel) that may set their own cookies.
6. Third parties
To provide our service, we use external providers from the following categories:
- AI service providers (Anthropic, OpenAI) - photo analysis and image generation. Your photo is sent to the API to generate results.
- Payment processor (Stripe) - transaction processing. We never see your card details.
- Email service provider (Resend) - email delivery.
- Analytics and advertising providers (Google, PostHog, Meta, TikTok, Reddit, X) - website traffic analysis and conversion measurement. Advertising pixels are loaded only after consent.
- Error monitoring (Sentry) - application monitoring. Configured not to transmit personal data.
Your data may be processed outside the EEA (USA). Transfers rely on safeguards such as EU-U.S. Data Privacy Framework certification or EU Standard Contractual Clauses (SCCs).
7. Automated processing and A/B testing
We use artificial intelligence algorithms to analyze photos and generate results. This processing is purely for entertainment - it does not produce legal effects or significantly affect you. It does not constitute profiling under Art. 22 GDPR.
We conduct A/B tests to optimize our service. Based on the anonymous session identifier (visitor_id), users may be randomly assigned to different interface variants. Assignment is fully automatic, deterministic, and not based on personal data.
8. Your rights
You have the right to:
- Access your data
- Rectify your data
- Delete your data
- Restrict processing
- Port your data (data portability)
- Object to processing
- Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)
Contact: [email protected]
You also have the right to lodge a complaint with the supervisory authority - the President of the Polish Data Protection Office (UODO, uodo.gov.pl).
9. Your rights (California residents)
If you are a California resident, you have the following rights under the CCPA:
- Right to Know - you may request information about the categories and specific pieces of personal data we have collected about you.
- Right to Delete - you may request that we delete your personal data.
- Right to Opt-Out of Sale or Sharing - we do not sell your personal data. Advertising pixels, which may constitute "sharing" under the CPRA, are loaded only after you consent via the cookie banner - you can opt out by declining consent.
- Right to Non-Discrimination - you will not be treated differently for exercising your rights.
Contact: [email protected]
10. Voluntary nature of data
- Providing a photo is necessary to use the analysis service - we cannot generate results without it.
- Providing your email is voluntary and is used for credit recovery, sending results, account sign-in, and the messages described in section 4.
- Payment data is necessary to process a purchase transaction.
11. Security
We use HTTPS encryption, secure cookies, and rate limiting.