Privacy policy.

Last Updated: April 21, 2026

1. Who we are


VibeCart is a product of Trebbble S.A., a technology company registered in Greece. Throughout this policy, "VibeCart," "we," "us," and "our" refer to Trebbble S.A. and the VibeCart platform.



We act as a data controller for personal data collected through our website (vibecart.ai) and our platform (the VibeCart CMS). When processing end-customer data on behalf of our clients, we act as a data processor.

2. What data we collect


2.1 Data we collect from website visitors

When you visit vibecart.ai, we may collect:


  • Usage data: Pages viewed, time spent on pages, referring website, browser type, device type, operating system, and IP address.

  • Contact data: Name, email address, company name, and phone number — when you voluntarily submit a form (e.g., "Talk to Sales," newsletter signup, or partner program inquiry).

  • Cookie data: See Section 8 (Cookies) below.


2.2 Data we collect from platform users (CMS users)

When you create a VibeCart account and use our platform, we collect:


  • Account data: Full name, email address, phone number, company name, and billing address.

  • Payment data: Payment method details are processed by our third-party payment provider. We do not store credit card numbers on our servers.

  • Platform usage data: Login activity, features used, campaigns created, and support interactions.


2.3 Data we process on behalf of our clients

When VibeCart clients use VibeCart to run messaging campaigns, they upload or sync customer data from their e-commerce platforms (Shopify, WooCommerce, Magento, via file upload, or via API). This data include:


  • End-customer names, phone numbers, and email addresses

  • Purchase history and order data

  • Product browsing

  • Cart value and abandoned cart status

  • Marketing consent status

  • List and segment membership


We process this data solely on behalf of our clients, in accordance with their instructions and a Data Processing Agreement (DPA). We do not use end-customer data for our own marketing purposes.

3. Why we collect data (legal bases)


Under the General Data Protection Regulation (GDPR Article 6), we process personal data based on the following legal grounds:


  • Providing and operating the VibeCart platform | Performance of a contract

  • Processing payments and billing | Performance of a contract

  • Responding to inquiries and support requests | Legitimate interest

  • Sending product updates and service notifications | Legitimate interest

  • Sending marketing communications (e.g., newsletter) | Consent

  • Improving our website and platform | Legitimate interest

  • Complying with legal obligations (e.g., tax records) | Legal obligation

  • Processing end-customer data on behalf of clients | Data processing agreement (processor role)


You can withdraw consent for marketing communications at any time by clicking the unsubscribe link in any email or contacting us at support@vibecart.ai.

4. How we share data


We do not sell personal data. We share data only in the following circumstances:


  • Messaging providers: When our clients send campaigns through VibeCart, message content and recipient phone numbers are transmitted to messaging providers (such as MSTAT, Apifon, or Yuboto for Viber delivery) as required to deliver the messages. These providers act as sub-processors. When messages are delivered via WhatsApp or Viber, the processing of such data is also subject to the Meta Privacy Policy and the Rakuten Viber Privacy Policy, respectively.

  • E-commerce platform APIs: When a client connects their Shopify, WooCommerce, or Magento store, data flows between the e-commerce platform and VibeCart via secure APIs.

  • Infrastructure providers: We use cloud hosting services (Google Cloud Platform) to store and process data. All infrastructure providers are GDPR-compliant and located within the EU or operate under adequate safeguards.

  • Analytics tools: We use analytics services (Google Analytics) on our website to understand visitor behaviour. See Section 8 (Cookies) for details.

  • Legal requirements: We may disclose data if required by law, regulation, or valid legal process.

  • Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. We will notify affected users before any such transfer.

5. International data transfers


VibeCart is based in Greece (EU). We store and process data within the European Economic Area (EEA) wherever possible. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with an adequacy decision.

6. How long we keep data


We retain personal data only for as long as necessary to fulfil the purposes described in this policy:


  • Account data: Retained for the duration of your account and for up to 7 years after account deletion, as required by Greek tax and accounting regulations.

  • Billing and transaction records: Retained for up to 7 years as required by Greek tax and accounting regulations.

  • Messaging logs: In accordance with the Hellenic Authority for Communication Security and Privacy (ADAE) guidelines, we retain logs of messages sent (sender, recipient, timestamp) for 24 months.

  • Website analytics data: Retained for up to 14 months.

  • Marketing contact data: Retained until you unsubscribe or request deletion.

  • End-customer data (processed on behalf of clients): Retained for the duration of the client's subscription. Upon account termination, end-customer data is deleted within 30 days.


Note: VibeCart complies with automated data deletion and redaction requests received via the Shopify Mandatory Webhooks to ensure end-customer data is purged when requested by the store owner or Shopify.

7. Your rights


Under the Greek Law 4624/2019, you have the following rights regarding your personal data:


  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of your personal data ("right to be forgotten").

  • Restriction: Request that we limit how we process your data.

  • Portability: Request your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interest, including direct marketing.

  • Withdraw consent: Where processing is based on consent, withdraw it at any time.


To exercise any of these rights, you may contact our designated contact at support@vibecart.ai. We will respond within 30 days.


If you are an end-customer of one of our clients (an e-shop using VibeCart), please direct your data rights requests to the e-shop directly, as they are the data controller for your information. We will assist our clients in fulfilling such requests.


You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) or the supervisory authority in your country of residence.

8. Cookies


Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit our site.

9. Data security


We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:


  • Encryption of data in transit (TLS/SSL) and at rest

  • Access controls and role-based permissions

  • Regular security reviews and monitoring

  • Secure hosting infrastructure within the EU


While we take all reasonable precautions, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of data transmitted to us.

10. Children's data


VibeCart is a business-to-business platform and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe we have inadvertently collected such data, please contact us at support@vibecart.ai.

11. Third-party links


Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party site you visit.


12. Changes to this policy


We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify users by updating the "Last Updated" date at the top of this page and, where appropriate, by email.


We encourage you to review this page periodically.


13. Governing Law – Jurisdiction


This policy is governed by the laws of Greece. Any disputes arising from the enforcement of this policy shall be subject to the exclusive jurisdiction of the Courts of Athens.

14. Contact us


If you have questions about this Privacy Policy or how we handle your data, contact us at:


VibeCart (by Trebbble S.A.)
Email: support@vibecart.ai

Website: vibecart.ai


For data protection inquiries, you may also contact the Hellenic Data Protection Authority:
Website: www.dpa.gr