Vibecode Survivors
Deutsch Waitlist

Vibecode Survivors

Privacy Policy

Last updated: 2026-05-29

This is a translation of our Datenschutzerklärung. In case of any discrepancy, the German version is legally binding.

1. Controller

finaldream — Inh. Oliver Erdmann, Georg-Münch-Str. 14, 85604 Zorneding, Germany Email: hi@vibecodesurvivors.com

2. Overview

Vibecode Survivors is built to be data-minimal. There are no user accounts, no logins, no cookie banner. We process:

  • Technical server logs on page requests
  • Pseudonymous analytics via PostHog (cookieless)
  • Voluntary waitlist sign-ups (delivered by email via Resend)
  • Emails you send us

Each processing activity is described below with purpose, legal basis, retention and recipients. Transfers to third countries (notably the US) rely on the EU Standard Contractual Clauses, in some cases reinforced by certification under the EU-US Data Privacy Framework.

3. Website hosting

  • Purpose: technical operation and security of the website
  • Data: IP address, timestamp, requested URL, HTTP status, user agent, referrer
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable, secure operation)
  • Retention: approx. 30 days, then deletion or anonymisation unless needed to investigate an attack
  • Recipient / processor: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Contractually secured via Vercel's DPA with EU SCCs; Vercel is additionally certified under the EU-US Data Privacy Framework.

4. Analytics with PostHog (cookieless)

We use PostHog for pseudonymous usage analytics — no cookies, no local storage, no durable re-identification.

  • Purpose: understand which pages and sections get used; detect errors; attribute language switches and waitlist sign-ups
  • Data: page views, coarse origin, browser type, language selection (de/en), waitlist_submitted event (without email content), language_switch event; IP addresses are pseudonymised on PostHog's side and not persistently stored
  • Configuration: persistence: 'memory', person_profiles: 'identified_only', autocapture: false, capture_pageview: false (pageviews fired manually), disable_session_recording: true; no cookies, no local storage, no fingerprinting
  • Legal basis: Art. 6(1)(f) GDPR. Because no information is stored on or read from your device, § 25 TDDDG does not apply in our assessment and no consent is required.
  • Retention: raw events approx. 30 days, aggregated statistics longer
  • Recipient / processor: Hiberly Ltd. (PostHog), 268 Bath Road, Slough SL1 4DX, United Kingdom; EU instance, servers in Frankfurt. GDPR DPA and SCCs in place.

5. Waitlist form (Resend & Vercel BotID)

If you sign up for our waitlist we process the data you submit so we can notify you when slots open and respond to your enquiry. Sign-ups are not stored in a CRM; they are delivered to us by email.

  • Purpose: waitlist intake, notification when slots open, response to your enquiry
  • Data: email address (required); optional: short description of your project and the current blocker; technical metadata (timestamp, selected language)
  • Legal basis: Art. 6(1)(a) GDPR (consent through active form submission) and Art. 6(1)(b) GDPR (pre-contractual measures)
  • Retention: until withdrawal, at the latest until the waitlist is retired. You can request deletion at any time via an informal email to hi@vibecodesurvivors.com.
  • Recipient / processor (email delivery): Plus Five Five, Inc. (Resend), 2261 Market Street #5039, San Francisco, CA 94114, USA. A GDPR data processing agreement is in place (incorporated into Resend's Terms of Service); transfer to the US relies on the EU Standard Contractual Clauses (Module Two, controller-to-processor). The current sub-processor list is available at resend.com/legal/subprocessors.

Protection against automated submissions (Vercel BotID): The submission form is protected against spam and automated bots by Vercel BotID. To do so, Vercel processes technical attributes of your request (including IP address and browser signals) to distinguish a human submission from a bot. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in preventing abuse and spam). The recipient is Vercel Inc. (address in section 3).

6. Email contact

If you email us we store your message and contact details until the matter is closed and no retention obligations apply.

  • Legal basis: Art. 6(1)(b) and (f) GDPR
  • Reception / processing: The address hi@vibecodesurvivors.com is configured as an alias of our personal Proton mailbox. Inbound mail is therefore processed and stored by Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland. Switzerland is recognised as a safe third country under an adequacy decision of the European Commission, so no additional safeguards such as Standard Contractual Clauses are required for the transfer.

7. Retention overview

CategoryRetention
Server logsapprox. 30 days
PostHog raw eventsapprox. 30 days
PostHog aggregateslonger, pseudonymous
Waitlist email (Resend)until withdrawal
Email correspondence (Proton mailbox)until matter closed + statutory retention

8. Your rights

You have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interest (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7(3) GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

To exercise any right, an informal message to hi@vibecodesurvivors.com is enough.

9. No automated decision-making

We do not use automated decision-making within the meaning of Art. 22 GDPR.

10. Supervisory authority

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Postfach 1349, 91504 Ansbach, Germany Phone: +49 981 180093-0 · Email: poststelle@lda.bayern.de Web: lda.bayern.de

11. Security

The website is served exclusively over TLS 1.2+. Data at rest at Vercel is encrypted with AES-256. Absolute security does not exist online; we keep the attack surface small by refusing user accounts and cookies.

12. Changes

We update this policy when our processing changes. The current version is on this page; the date above shows the latest revision.