VVibooz
Privacy

Privacy Policy

This policy describes the default data processing of this Vibooz installation. Replace the operator details in config.php with the real legal entity before production use.

1. Controller

The controller responsible for this website is Vibooz Agency, Germany. Privacy contact: privacy@vibooz.com.

If Vibooz is operated for client previews by another company, that company must replace these placeholder details with its real legal name, postal address and privacy contact.

2. Purpose of this website

Vibooz is a private direct-link website preview platform. An agency can upload client website packages and publish them under project URLs such as /client/ProjectSlug/. The public homepage explains the platform only. It does not list client projects and does not provide a public project directory.

3. Hosting and server log files

This website is hosted through Namecheap or the configured hosting provider or the hosting provider configured by the operator. When the website is accessed, the hosting environment may automatically process technical access data, including IP address, date and time, requested URL, referrer URL, user agent, browser and operating system information, HTTP status code and transferred data volume.

The purposes are delivery of the website, technical stability, abuse prevention, security monitoring, troubleshooting and evidence in case of attacks or misuse. The legal basis is the operator’s legitimate interest in secure and stable website operation and, where applicable, compliance with legal security obligations.

4. Cookies, sessions and local storage

This default package does not include analytics, advertising pixels, remarketing scripts or third-party tracking. It uses only technically necessary mechanisms:

These mechanisms are required for security, fraud prevention and basic site functionality. The cookie banner has an “Accept necessary” button. Since no optional tracking is active by default, there are no marketing or analytics categories to enable.

5. Admin area

The admin area is protected by username and password. During login and administration, Vibooz processes login/session data, IP-related security data, timestamps, project metadata and uploaded files. Failed login attempts may be stored temporarily for rate limiting. This protects the platform against brute-force attempts and unauthorized access.

Administrators should use a long unique password, keep the admin URL private, and optionally add additional cPanel directory protection for the /admin/ folder.

6. Uploaded client websites and project data

When an administrator creates a project, Vibooz stores metadata such as project title, slug, client name, internal category, description, cover image path, status and timestamps. Uploaded ZIP packages are extracted into the corresponding /client/ProjectSlug/ folder. Previous versions may be copied into internal backups before replacement.

Client projects are unlisted, blocked in robots.txt and sent with noindex/nofollow headers where supported. However, direct-link privacy is not password protection. Anyone who receives or guesses the exact URL may be able to access the preview. For confidential projects, the operator should add password protection or a per-project authentication layer.

7. Forms and communication

The default public contact page has been removed. The public website does not collect inquiries through a contact form. If an uploaded client website contains its own forms, newsletter tools, payment systems, maps, videos, fonts, analytics or third-party embeds, those features are outside the default Vibooz package and must be checked separately by the operator or the relevant client.

8. Recipients and processors

Personal data may be processed by the hosting provider, technical administrators, the agency operating the preview platform and, where relevant, the client responsible for an uploaded website. The operator should ensure that required processing agreements are in place with hosting and technical service providers.

9. International transfers

The default Vibooz package does not actively transmit visitor data to analytics, advertising or social media providers. Hosting-related processing depends on the configured hosting provider and server location. If additional third-party services are added to uploaded client websites, the operator must assess whether personal data is transferred outside the EU/EEA and whether appropriate safeguards are required.

10. Retention periods

11. Security measures

The package includes CSRF protection for admin forms, session regeneration on login, secure session cookie flags, login rate limiting, upload size limits, extracted ZIP file limits, path traversal protection, blocking of selected server configuration files and noindex rules for client previews. These measures reduce risk but do not replace proper server hardening, backups, updates and access control.

12. Your rights

Depending on applicable data protection law, data subjects may have the right to request access to their personal data, rectification, erasure, restriction of processing, data portability and objection to processing. Where processing is based on consent, consent may be withdrawn for the future. Requests can be sent to privacy@vibooz.com.

Data subjects may also have the right to lodge a complaint with a competent data protection supervisory authority.

13. Changes to this policy

The operator may update this policy when the platform, hosting, client project setup, legal requirements or data processing practices change. The current version is the version published on this page.

14. Important implementation note

This text is a strong operational template for the default Vibooz package, but it is not a substitute for individual legal review. Before launch, add the exact controller details, hosting details, retention rules, any processors, and any additional disclosures required by uploaded client websites.