Let's VIBEConnected Classroom
How It WorksFor SchoolsAbout

Privacy Policy

Effective date: May 1, 2026

1. Introduction

Let's VIBE, Inc. ("Let's VIBE," "we," "us," or "our") operates an AI creative learning platform and curriculum program delivered through private schools in Brasil. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our platform and services.

This policy applies to all users of the Let's VIBE platform, including school administrators, teachers, and students who access the platform through their school's institutional subscription. If you are a student, your school has entered into an agreement with Let's VIBE on your behalf and is responsible for ensuring your access to the platform is appropriate under applicable law.

By accessing or using the Let's VIBE platform, you acknowledge that you have read and understood this Privacy Policy. Schools agree to this policy on behalf of their students and staff as part of their institutional contract with Let's VIBE.

2. Our Role as a Data Processor

Let's VIBE is a business-to-business (B2B) service provider. Schools and educational institutions are our direct clients (data controllers). We act primarily as a data processor with respect to student information - we handle that data on behalf of and under the instruction of the school.

This distinction matters under applicable data protection laws including the Lei Geral de Protecao de Dados (LGPD) and, where applicable, the General Data Protection Regulation (GDPR). The school bears responsibility for the lawful basis of processing student data and for securing any required consents from parents or guardians prior to enrolling students on the platform.

For information we collect directly from school administrators and teachers (such as account registration data), we act as a data controller in our own right.

3. Information We Collect

3.1 From Schools and Teachers

When a school registers for Let's VIBE or a teacher creates an account, we collect:

  • Full name
  • Work email address
  • School or institution name and location
  • Role within the institution (administrator, teacher, coordinator)
  • Contact phone number (optional)

3.2 From Students (via the School)

Student accounts are created and managed by the school. Through normal use of the platform, we collect:

  • Name (first name and last name)
  • School-issued email address
  • Grade level or year group
  • Creative track selection (e.g., GameDev, SoundWave, Visual Arts, AppBuilder, StoryTeller)
  • Module completion status and progress data
  • Project submissions and creative work uploaded to the platform
  • Earned badges and achievement records
  • XP (experience points) and level data generated through platform activity

3.3 Usage and Technical Data

When you use the platform, we automatically collect certain technical information to operate and improve the service:

  • Browser type and version
  • Device type and operating system
  • IP address (used for security and fraud prevention, not for profiling)
  • Session duration and feature usage patterns (aggregated)
  • Error logs and performance data

We do not use tracking cookies for behavioral advertising. We do not build advertising profiles on users of any age.

3.4 Payment Information

We do not collect payment card information directly through the platform. School billing is handled through a separate invoicing process. All financial transactions are managed outside the platform, either directly or through a third-party billing provider.

4. How We Use Your Information

We use the information we collect to:

  • Create and manage user accounts and school subscriptions
  • Deliver curriculum content, module assignments, and platform features
  • Track and display student progress to the student and their teacher
  • Generate progress reports and completion records for teachers and administrators
  • Administer achievement systems (badges, XP, levels) that motivate student engagement
  • Provide technical support and respond to inquiries
  • Diagnose technical issues, improve platform stability, and optimize performance
  • Improve curriculum content based on anonymized and aggregated usage patterns
  • Comply with applicable legal obligations

We process data only for the purposes described in this policy. We do not use student data for commercial purposes unrelated to delivering educational services.

5. How We Share Information

We do not sell personal data. We do not share personal data with third parties for advertising or marketing purposes. We may share data in the following limited circumstances:

5.1 Cloud Infrastructure and Hosting

The Let's VIBE platform is hosted on Vercel (infrastructure) and uses Neon or compatible PostgreSQL-compatible database services for data storage. These providers act as subprocessors and handle data only as necessary to provide the hosting service. They are bound by appropriate data processing agreements.

5.2 Within Your School

Teacher accounts at a school can view the progress and submissions of students enrolled in their cohort. School administrators can view enrollment and completion data for students at their institution. Students cannot view other students' individual data.

5.3 Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, user data may be transferred as part of that transaction. We will notify schools of any such change and ensure the acquiring entity is bound by data protection obligations consistent with this policy.

6. Children's Privacy and COPPA Compliance

Let's VIBE serves students ages 10 through 16, which includes children under the age of 13 in the United States. The Children's Online Privacy Protection Act (COPPA) imposes specific requirements for operators of websites and online services that collect personal information from children under 13.

Let's VIBE complies with COPPA through the school-operated model. We do not collect personal information directly from children or their parents or guardians. Instead, student accounts are created and managed entirely by the school as an institutional customer. Under COPPA's school official exception, schools may consent to the collection of student information on behalf of parents when the data collection is used solely for educational purposes within the school context.

Schools that enroll students under the age of 13 represent and warrant that they have obtained all necessary parental or guardian consents required under applicable law, including COPPA, before enrolling those students in the Let's VIBE platform.

We limit our collection of data from students under 13 to what is reasonably necessary for educational purposes. We do not condition participation in the program on a student providing more information than is necessary.

Parents or guardians who wish to review, correct, or request deletion of their child's information should contact their school, which retains control over student data. Schools may then coordinate with us at privacy@letsvibe.com.

7. LGPD Compliance (Lei Geral de Protecao de Dados)

Brazilian schools and their students are protected by the Lei Geral de Protecao de Dados (LGPD), Law No. 13,709/2018. Let's VIBE is committed to compliance with the LGPD in connection with the processing of personal data of individuals in Brasil.

Our LGPD commitments include:

  • Purpose limitation: We collect and use personal data only for the educational purposes described in this policy and our agreements with schools.
  • Data minimization: We collect only the data necessary to deliver the platform and curriculum program. We do not collect surplus information.
  • Transparency: This policy is written in plain language and made available to all users. Schools receive a Data Processing Addendum as part of their contract.
  • Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.
  • Data subject rights: Users have the right to confirm the existence of processing, access their data, correct inaccurate data, request anonymization or deletion of unnecessary data, request data portability, and object to processing. Requests should be directed to privacy@letsvibe.com.

Our Data Protection Officer (DPO) can be reached at privacy@letsvibe.com. For data protection matters governed by Brazilian law, students and their schools may also contact the Autoridade Nacional de Protecao de Dados (ANPD).

8. Data Retention

We retain personal data for as long as the school's contract with Let's VIBE is active. Data is used to provide the platform and generate records accessible to the school during the subscription period.

Upon termination or non-renewal of a school's contract:

  • The school will have 30 days from the contract termination date to request an export of their data in a portable format.
  • Within 90 days of contract termination, all personal data associated with that school will be permanently deleted or irreversibly anonymized from our systems, except where retention is required by law.

Anonymized, aggregated data (such as aggregate cohort performance metrics) may be retained beyond the contract period for curriculum improvement and reporting purposes, provided it cannot reasonably be used to identify any individual.

9. Security

We take the security of personal data seriously, particularly given that our users include minors. Our security practices include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest in our database infrastructure
  • Role-based access controls that limit which staff members can access user data
  • Regular security reviews and vulnerability assessments
  • Authentication controls including strong password requirements
  • Logging and monitoring of access to sensitive data

No security system is impenetrable. In the event of a data breach that affects personal data, we will notify affected schools promptly and in compliance with applicable law, including LGPD notification requirements to the ANPD where applicable.

10. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

  • Access: Request confirmation of whether we process your data and receive a copy of that data.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to certain types of processing.

For student data, rights are typically exercised through the school. Schools may submit data subject requests on behalf of students to privacy@letsvibe.com. We will respond to verified requests within the timeframes required by applicable law.

Teachers and administrators may exercise their rights directly by contacting us at privacy@letsvibe.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this policy and notify schools via email or through an in-platform notice.

Continued use of the platform after the effective date of an updated policy constitutes acceptance of the revised terms. Schools that do not agree to a material change may terminate their contract in accordance with its terms.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Let's VIBE, Inc.

Privacy and Data Protection

privacy@letsvibe.com
Let's VIBE - Connected Classroom