Trust Centre
Trust, Security & Privacy
This page is maintained by the VybeRightNow team to answer common security and privacy questions about VybeRightNow. It describes controls and practices currently in place — it is not an independent certification or audit.
What VybeRightNow is
VybeRightNow is a real-time local guide to bars, restaurants and live music in Albufeira and the wider Algarve. Most of the site is publicly browsable. Accounts are optional and used for saving venues, partner venue management, and administration.
Accounts & authentication
- Sign-in is handled by our backend auth provider with email + password and Google sign-in.
- Passwords are never stored by VybeRightNow directly — credentials are managed by the auth provider.
- Sessions use short-lived tokens that refresh automatically; signing out revokes the session in your browser.
- Role-based access (partner, admin) is enforced server-side, not in the browser.
Data we collect
- Account data you provide: email, display name, and (for venue partners) contact details.
- Saved venues and preferences you choose to store on your account.
- Venue application submissions from the “List your venue” form.
- Basic technical logs (errors, request metadata) used to keep the service running.
We do not sell personal data.
How your data is protected
- Traffic to and from the site is served over HTTPS.
- Database access is governed by row-level security policies so accounts only see their own private data.
- Privileged operations run server-side through authenticated functions, not from the browser.
- Secrets and API keys are kept in server-side secret storage and are never shipped to the client.
Subprocessors & integrations
We rely on a small number of providers to operate the service, including our hosting and backend platform (database, auth, storage, edge functions), email delivery for account and transactional messages, and map tiles for venue locations. These providers process data only to deliver their part of the service.
Cookies & analytics
We use the cookies and local storage required to keep you signed in and remember your preferences (such as saved venues). We do not run third-party advertising trackers.
Retention & deletion
Account data is kept while your account is active. If you would like your account or a venue application removed, contact us using the details below and we will action the request.
Reporting a security issue
If you believe you have found a security issue, please contact us privately before disclosing it publicly. Use the phone numbers in the site footer or email the address shown on the About and For Venues pages. We aim to acknowledge reports within a few business days.
Shared responsibility
Security is a shared responsibility. VybeRightNow maintains the platform controls described above; you are responsible for keeping your sign-in credentials safe, using a strong unique password, and signing out on shared devices. Venue partners are additionally responsible for the accuracy of the content they publish.
This page is editable content maintained by the VybeRightNow team. It is not a certification and does not constitute a legal warranty. Last reviewed: 2026.