Privacy Policy

1. Scope & Controller

This Privacy Policy explains how VacayBuddy (the “Company”, “we”, “us”) collects, uses, discloses, and protects personal information in connection with our Slack‑integrated leave management service and related websites. If you disagree with this policy, please discontinue use of the Service.

2. Information We Collect

  • Account & Workspace Data: name, email, Slack user/workspace identifiers, role, profile details provided by Slack.
  • Leave & Admin Data: leave requests, approvals/denials, templates and policies you configure, audit logs.
  • Usage & Device Data: app/page interactions, timestamps, IP address, browser/OS info, cookies or similar technologies.
  • Communications: messages you send to support or via feedback forms.
  • Calendar Data (optional): when linked, target calendar ID and created event metadata (title, dates); we do not read unrelated events.

3. How We Use Information

  • Provide, operate, and improve the Service (including analytics and troubleshooting).
  • Authenticate users and integrate with Slack and Google Calendar (if connected).
  • Send administrative notices and respond to inquiries.
  • Prevent fraud/abuse, enforce terms, and protect security.
  • Comply with legal obligations.

4. Legal Bases (EEA/UK users)

Where GDPR/UK GDPR applies, we rely on the following bases: performance of a contract (operating the Service), legitimate interests (security, improvement, communications), consent (optional integrations/marketing), and legal obligations (compliance, record‑keeping).

5. Sharing & Disclosure

  • Service Providers: cloud hosting, analytics, error monitoring, and email providers working on our behalf under agreements.
  • Legal/Safety: to comply with law, enforce terms, or protect rights, safety, or property.
  • Business Transfers: in mergers, acquisitions, or asset sales; we will give notice where required.
  • No sale: we do not sell personal information.

6. International Transfers

Your information may be processed in countries with different data protection standards. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) to protect your data.

7. Retention

We keep personal data only as long as necessary for the purposes described or as required by law. Anti‑abuse records may be retained for up to one year after account deletion.

8. Security

We employ administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission or storage is completely secure.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, receive a copy (portability), and withdraw consent where applicable. To exercise rights, contact us below.

California residents may have rights under the CCPA/CPRA (e.g., know, delete, correct, opt‑out of certain sharing). We do not sell personal information as defined by CCPA.

10. Cookies & Similar Technologies

We use cookies or similar technologies for essential functions, analytics, and improving the Service. You can manage preferences via your browser settings.

11. Children

The Service is not directed to children under 13 (or 16 where applicable).

12. Changes to This Policy

We may update this policy and will indicate the “Effective Date” below.

13. Contact

Data Protection Contact

Name: Seungwoo Lee

Title: CEO

Phone: +82-10-9894-1131

Email: letnaturebe@newvibot.com

Effective Date

Effective as of 2025‑04‑11.