VibeBIVibeBI
Legal & privacy

The fine print, kept plain.

VibeBI is free to use but not free to fork. And because it processes your data on your premises, here's exactly what that means under the major privacy frameworks.

1 · License — closed-source, free to use

VibeBI is closed-source free software. You may download, install, and use it inside your organization at no cost, with no license fees, seat fees, usage metering, or hidden terms. "Free" here means free of charge and free of buried conditions — not open source.

The software is licensed, not sold. VibeBI retains all intellectual property rights in the application, its binaries, models, prompts, and documentation. Your right to use the software is a non-exclusive, non-transferable license granted under these terms.

2 · Restrictions

Because VibeBI is closed-source, the following are not permitted:

  • No reverse engineering. You may not decompile, disassemble, or otherwise attempt to derive the source code, model weights, or internal logic of the software, except where such restriction is prohibited by applicable law.
  • No redistribution. You may not copy, resell, sublicense, rent, lease, or otherwise distribute the software or its components to any third party.
  • No removal of notices. You may not remove or alter any proprietary, copyright, or attribution notices.
  • No circumvention. You may not bypass or disable any technical protection or governance control built into the software.
In short. Use it freely inside your organization. Don't take it apart, and don't pass it on.

3 · Warranty & liability

VibeBI is provided "as is" and "as available," without warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. To the maximum extent permitted by law, VibeBI and its contributors are not liable for any indirect, incidental, or consequential damages arising from use of the software. You are responsible for validating outputs before acting on them.

Specifically:

  • VibeBI makes no representation regarding the accuracy, completeness, or reliability of any data, model, report, or query result it produces.
  • VibeBI is not warranted to be stable, error-free, or fit for production use without thorough testing and evaluation in your environment.
  • You accept all risk of direct or indirect consequences arising from its deployment or use.
  • Testing is your responsibility. Evaluate VibeBI independently in a non-critical environment before using it in any material capacity. Make your own informed decision about whether, and how, to deploy it.

In short: VibeBI is free software with no warranty. Test it thoroughly, trust your own judgment, and proceed at your own risk.

4 · Personal data — roles

This is the most important section if you process personal data. The roles are defined precisely:

PartyRoleMeans
You (the customer)ControllerYou determine the purposes and means of processing personal data. You own the data, the lawful basis, and the compliance duty.
VibeBIProcessorWe only process personal data on your behalf, on your infrastructure, under your instructions. We never determine purposes of our own.

VibeBI runs on your premises. Your warehouse credentials and LLM keys never leave your network, and personal data does not flow to VibeBI as a company. We are strictly a Processor — and in most deployments, a Processor whose software you operate yourself.

5 · How VibeBI processes personal data

As your Processor, here is what the software does with personal data — so that you, as Controller, have sufficient information to meet your own compliance obligations:

Processing aspectWhat happens
WhereEntirely within your on-premise environment. No personal data is transmitted to VibeBI-operated servers.
WhatWhatever warehouse fields you expose. VibeBI reads them read-only to build semantics, models, and reports.
WhyOnly to deliver the analytics functions you instruct — profiling, modeling, querying, reporting.
Access controlEvery field is tagged with a data domain and classification level. Reports inherit entitlements from the data they touch; access cannot be widened by sharing.
Sub-processorsLLM inference runs through your configured gateway. If you route to an external model provider, that provider becomes a sub-processor you select and govern.
RetentionDetermined by you. Report artifacts and audit logs live in your control-plane storage; you set retention and deletion.
AuditLogin, access, share, view, deny, and admin-change events are logged so you can produce an access-grant matrix for compliance review.
Controller toolkit. The exportable access-grant matrix (user × domain × classification × approver × validity) is designed to give you the evidence you need to demonstrate compliant access governance.

6 · Legal frameworks

Personal-data obligations vary by jurisdiction. VibeBI's Processor posture is designed to support your Controller duties under each major framework. This is informational, not legal advice — confirm specifics with your own counsel.

European Union — GDPR

  • You are the Controller (Art. 4(7)); VibeBI is a Processor (Art. 4(8)).
  • Processing is governed by your documented instructions, consistent with a Data Processing Agreement under Art. 28.
  • On-premise operation supports data residency and minimizes cross-border transfer concerns (Chapter V).
  • Audit logging and the access-grant matrix support your accountability obligations (Art. 5(2), Art. 30).

United States — CCPA / CPRA & sectoral law

  • VibeBI acts as a "service provider" under CCPA/CPRA — processing personal information only for your business purposes, not selling or sharing it.
  • On-premise deployment keeps personal information within your custody, supporting obligations under sectoral regimes (e.g. HIPAA, GLBA) where applicable.
  • You retain responsibility for consumer rights requests; VibeBI's read-only, on-prem model leaves source-of-record control with you.

China — PIPL

  • You are the personal information handler; VibeBI is an entrusted party processing on your behalf (PIPL Art. 21).
  • On-premise operation supports data localization expectations and avoids triggering cross-border transfer assessments for the platform itself.
  • Classification-aware access control aligns with sensitive-personal-information handling and minimization principles.

Other jurisdictions

The same Processor / entrusted-party posture and on-premise model are intended to support comparable frameworks (e.g. UK GDPR, Brazil LGPD, Canada PIPEDA). Where a framework requires a specific agreement, VibeBI's terms can be supplemented by a jurisdiction-appropriate data processing addendum.

7 · Contact

Questions about licensing, restrictions, or data processing? Reach us through the feedback form and select Contact / other. For a formal data processing agreement appropriate to your jurisdiction, note your framework in the message.

Contact us →