VibePoints
How it worksRidesFor MerchantsFor DriversFAQ
Get the app
← Back to vibepoints.app

VibePoints — Website Privacy Policy

Effective: July 6, 2026 — Version 1.0.0

Plain-language summary. This Policy covers this website only — vibepoints.app. It explains what we collect when you apply to become a merchant or driver, or submit a booking through a merchant's link, and your rights under the Data Protection Act, 2018 (Saint Christopher and Nevis). We do not sell your data. If you use the VibePoints mobile app, a separate Consumer, Merchant, or Driver Privacy Policy presented in the app covers that data instead.

1. Who is responsible for your data

The data user for the purposes of the Data Protection Act, 2018 is:

Ashton Amory trading as VibePoints Basseterre, Saint Christopher and Nevis Contact: tony@vibepoints.dev

2. What we collect on this website

WhereWhatRequired or optional?
Merchant or driver application (/merchants, /drivers)Your name, business name (merchants only), email address, phone number, plan of interestRequired to submit the form
Booking request (a merchant's /book link)Your name and email address (email is how a later reward gets linked to your account)Required
Booking request (same form)Phone number, a note to the merchant, party size, and your chosen service and timeOptional
Any form on this websiteA hidden anti-bot field that must stay blank, a form-load timestamp, and a Cloudflare Turnstile tokenAutomatic — not personal data collected for its own sake, used only to block bots
Any page on this websiteYour IP address and standard web request logsAutomatic, via our hosting provider and our rate-limiting/abuse-prevention service

We do not collect payment details on this website — bookings are paid directly to the Merchant, and applications do not involve payment.

3. Why we use it

What we doLawful basis (DPA 2018)
Reviewing and following up on a merchant or driver applicationSteps taken at your request prior to a contract
Passing your booking request to the Merchant, and linking a later reward to your accountPerformance of contract / your consent to the reward opt-in shown on the booking form
Blocking bots and abusive submissions (rate-limiting, Turnstile)Legitimate interests (platform security)
Responding to lawful requests from authoritiesCompliance with law

4. How we share it

  • Our verification partner, to review and process a merchant or driver application, including any KYC step.
  • Our cloud hosting and database provider, to record and route a booking request to the relevant Merchant.
  • Our email-delivery provider, to send you a booking or application confirmation.
  • Our rate-limiting and bot-protection provider, to evaluate whether a submission looks abusive.
  • Legal or regulatory authorities, where required by law.

We do not sell, license, or share your personal data with any third party for that party's commercial benefit. This is the same commitment that governs the VibePoints mobile app.

5. How long we keep it

  • Applications we don't act on are deleted within ninety (90) days; applications we dismiss, or that look like spam, are deleted within thirty (30) days.
  • If you go on to verify and activate an account, your application record is reduced to the minimum needed to link it to that account, and the free-text and technical details are deleted.
  • Booking requests are kept for as long as needed to operate the booking — including honouring the thirty (30) day window described in our Website Terms of Use during which a reward can still be linked — and, once a booking is completed, as part of the visited Merchant's own transaction records.
  • Records of your consent (for example, that you agreed to be contacted about your application) are kept indefinitely as evidence that our processing was lawful.

6. Cookies on this website

This website does not use advertising or third-party tracking or analytics cookies, and we do not run any analytics service on it. While the site is in private preview, we set a single essential cookie — set by our hosting provider's own access-protection feature — to remember that you have entered the preview password; it holds no personal information and expires automatically. Our fonts are bundled with the website at build time rather than loaded from a third party at runtime, so visiting this site does not send your data to a font provider. If we add analytics or any other tracking technology to this website in future, we will update this section first.

7. Your rights under the Data Protection Act, 2018

You have the right to access the data we hold about you, correct it if it is inaccurate, ask us to delete it (subject to the retention needs in Section 5), object to or restrict certain processing, and withdraw any consent at any time. To exercise any of these rights, email tony@vibepoints.dev. We will respond within one month. If you are not satisfied with our response, you may complain to the Information Commissioner of Saint Christopher and Nevis.

8. Children

This website is not directed at, and we do not knowingly collect personal data from, anyone under the age of eighteen (18).

9. Changes to this Policy

We may update this Policy from time to time. We will bump the version number at the top when we do. Material changes will be noted on this page.

10. Contact

Ashton Amory trading as VibePoints Basseterre, Saint Christopher and Nevis Contact: tony@vibepoints.dev For the attention of: Ashton Amory (data user, sole proprietor)


Data you provide inside the VibePoints mobile app — including Shells and Vibe+ activity, ride history, and Vibi conversations — is governed separately by the Consumer, Merchant, or Driver Privacy Policy presented in the app, not by this document.

VibePoints

Loyalty rewards and rides built for St. Kitts & Nevis. Keep your points in the federation.

Product

  • What is VibePoints
  • How it works
  • Rides
  • Get the app

Partners

  • For Merchants
  • For Drivers
  • FAQ

Company

  • About
  • Contact
  • Privacy
  • Terms
© 2026 VibePoints. All rights reserved.Available in St. Kitts & Nevis