Skip to main content
Start free

Product

Features How it works The Agent Safety & security About

Resources

Cookbook Blog Docs Support Alternatives
Pricing Sign in

Privacy Policy

Effective date: June 6, 2026

This Privacy Policy explains how SeedProd, LLC (“WPVibe”, “we”, “us”) collects, uses, discloses, retains, and protects information when you use the WPVibe website, WPVibe MCP server, ChatGPT app, and Vibe AI WordPress plugin (together, the “Service”).

WPVibe connects an AI client, such as ChatGPT or another MCP-compatible client, to WordPress sites that you authorize. Because the Service can read and change WordPress data at your direction, this policy describes both WPVibe account data and the WordPress content, metadata, and tool results that may pass through WPVibe.

Summary

  • We use your information to provide WPVibe, connect authorized WordPress sites, run the tools you request, secure the Service, provide support, enforce plan limits, and process billing.
  • When you use WPVibe inside ChatGPT or another AI client, that client sends WPVibe tool names and tool inputs, and WPVibe returns tool outputs to that client. The AI client’s own privacy policy and settings apply to information it receives.
  • WPVibe may process WordPress content and site data only when needed for a connection or a tool action you request.
  • We do not sell personal information, and we do not use your WordPress site content to train WPVibe-owned AI models.
  • You can disconnect sites, revoke WordPress Application Passwords, delete drafts or content on your WordPress site, and contact us to request access, correction, export, or deletion of WPVibe account data.

Information we collect and process

Website visitors and analytics

Like most online services, WPVibe collects information that browsers, servers, and analytics tools typically make available, such as IP-derived location, browser type, device information, language preference, referring site, pages viewed, and the date and time of each request. We use this information to understand how the Service is used, troubleshoot issues, protect the Service, and improve WPVibe.

We use Google Analytics on the WPVibe website. Google Analytics may set cookies and collect information about how visitors use the site. Google processes that information according to its own privacy practices.

Account, sign-in, and billing information

We collect account information you provide or that is necessary to operate the Service, including email address, account identifiers, sign-in state, session cookies, plan, billing status, Stripe customer and subscription identifiers, support messages, and related timestamps. WPVibe uses magic links and secure session cookies so you can sign in without creating a WPVibe password.

If you purchase a paid plan, payment is handled by Stripe. WPVibe stores Stripe customer and subscription identifiers, plan information, and billing status so we can manage subscriptions and usage limits. WPVibe does not store full payment card numbers.

Connected WordPress sites

When you connect a WordPress site, WPVibe stores information needed to operate that connection, including the site URL, site name, connection status, WordPress username, and a WordPress Application Password or authorization credential generated for WPVibe. Application Passwords are encrypted at rest using AES-GCM encryption. We do not store your normal WordPress account password, and you should not paste WordPress passwords, API keys, MFA codes, or other secrets into an AI chat unless the tool explicitly requires an application-specific credential for a connection you are authorizing.

WPVibe may contact your WordPress site, the site’s web host, and the Vibe AI plugin installed on your site to verify the connection, read requested data, perform requested changes, and return results to your AI client.

ChatGPT app and MCP tool inputs and outputs

When you use WPVibe through ChatGPT or another MCP-compatible client, the client may send WPVibe the tool name, tool input fields, the WordPress site URL, user-provided instructions or snippets relevant to the requested task, and related context needed to run the tool. WPVibe returns tool results to that client. Those results may include WordPress data and user-related fields if the requested WordPress operation returns them.

Depending on the tools you use and the permissions of the connected WordPress account, WPVibe may process and return the following categories of data:

  • Connected site records: site names, site URLs, connection status, connection timestamps, and WPVibe account identity context.
  • Site diagnostics: WordPress version, PHP version, active theme, installed themes, installed plugins, plugin versions, REST API namespaces, WP-CLI availability, performance timings, and error messages.
  • WordPress content and metadata: posts, pages, custom post types, titles, slugs, excerpts, content, rendered HTML, publication status, dates, authors, categories, tags, comments, media records, featured image IDs, links, and custom metadata when requested through the WordPress REST API, WP-CLI, plugin abilities, page HTML inspection, or theme workflows.
  • WordPress user and administrative data: usernames, display names, email addresses, roles, capabilities, application-password status, plugin settings, site options, taxonomy terms, database query results, and other admin data if you ask WPVibe to run a WordPress REST API request, WP-CLI command, or plugin ability that returns those fields.
  • Theme and file data: draft theme names, file paths, file listings, file contents, line numbers, file outlines, search results, edits, new file contents, deleted file names, preview URLs, published theme status, and theme backup or publish results.
  • Plugin abilities: ability names, descriptions, input schemas, output schemas, metadata, and the results of abilities you run through plugins that support the WordPress Abilities API.
  • Media and images: search terms, Unsplash photo metadata and photographer attribution, image URLs, uploaded attachment IDs, media URLs, alt text, titles, dimensions, MIME type, and the post ID an upload is attached to when provided.
  • Rendered pages and screenshots: public or preview URLs, selected HTML fragments, full rendered HTML up to the requested length, screenshot image data, viewport information, and page-load errors when you ask WPVibe to inspect or capture a page.
  • Operational approvals: parameters for potentially destructive operations, dry-run previews, approval or decline status, approval timestamps, and execution results when WPVibe requires explicit browser approval before running a risky action.
  • Tool errors and debugging information: WordPress error codes, HTTP status codes, recovery hints, rate-limit messages, Cloudflare challenge messages, and truncated response-size notices.

WPVibe tools are flexible because WordPress itself is flexible. If you use a broad REST API route, WP-CLI command, plugin ability, or database query, the output may include personal information stored in your WordPress site, such as names, email addresses, comments, customer records, form submissions, or other site-specific data. Use narrowly scoped requests and avoid asking WPVibe to process sensitive information unless it is necessary for your task and permitted by law and your own privacy notices.

Tool usage, security, and support logs

To operate, secure, debug, and improve the Service, WPVibe records usage information such as tool name, site URL, action detail, status, error type, duration, user ID, email, plan, MCP client name/version, session ID, usage counts, authentication events, pricing-page and checkout events, and support correspondence. For code-mode workflows, WPVibe may record a hash and length of executed code for debugging and abuse prevention, but not the full code text in analytics.

How we use information

We use the information described above to:

  • authenticate users and maintain secure sessions;
  • connect, list, inspect, and remove authorized WordPress sites;
  • read, create, update, delete, preview, publish, upload, or inspect WordPress data only as requested through WPVibe tools;
  • return requested tool results to ChatGPT or the AI client you use;
  • run safety checks, approval workflows, rate limits, plan limits, and abuse prevention;
  • troubleshoot errors, provide support, monitor reliability, and improve the Service;
  • process payments and manage subscriptions through Stripe;
  • send magic links, service emails, and support responses;
  • comply with legal obligations, enforce our terms, and protect the rights, safety, and security of WPVibe, users, and others.

Who receives information

We disclose information only as needed for the Service, your requested workflows, or legal and security reasons. Categories of recipients include:

  • Your AI client and model provider, including OpenAI/ChatGPT when you use the WPVibe ChatGPT app: WPVibe returns tool outputs to the AI client that invoked the tool. That client may display, store, or process those outputs under its own privacy policy and settings.
  • Your connected WordPress site and hosting provider: WPVibe sends authenticated requests to the WordPress site you authorize so it can perform the requested operation.
  • Cloudflare: hosting, Workers, D1 database, KV storage, R2/storage, Browser Rendering when used, security, logs, and analytics infrastructure.
  • Stripe: payment processing, checkout, subscription management, and billing records.
  • Email providers such as SendLayer: magic links, service emails, and support communications.
  • Google Analytics: website usage analytics on wpvibe.ai.
  • Unsplash or similar media providers: image search queries, image metadata, download tracking, and image URLs when you use image search or upload workflows that rely on those providers.
  • Professional, legal, security, and business-transfer recipients: advisors, authorities, or successor entities when required by law, to protect rights and security, or in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal information.

Data retention

We keep information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required by law, security, fraud prevention, dispute resolution, tax, accounting, or legitimate business needs. Current retention practices include:

  • Magic links and temporary authorization state: typically expire after 15 minutes.
  • Session cookies: retained until they expire, you sign out, or they are cleared from your browser.
  • Connected site records and encrypted WordPress Application Passwords: retained until you disconnect the site, revoke access, delete your WPVibe account, or ask us to delete them, subject to backup and legal retention needs.
  • Pending operation approvals: approval links expire after about 10 minutes. Pending rows are normally purged shortly after expiration, subject to lazy cleanup. Executed or declined approval details may be retained in operational records for security, audit, and support purposes.
  • Tool usage, authentication, error, and security logs: generally retained for up to 24 months unless needed longer for security, abuse prevention, legal compliance, or an active support matter.
  • Billing records: retained as required for accounting, tax, chargeback, fraud prevention, and legal obligations.
  • Support messages: retained as long as needed to handle the request and maintain a support history, generally no longer than 3 years unless needed for legal, security, or business reasons.
  • WordPress content, media, drafts, theme backups, and plugin data on your WordPress site: retained by your WordPress site and hosting provider according to your own settings and policies. WPVibe-created draft themes, uploads, published changes, or backups remain on your WordPress site until you or your site removes them.

Your controls and choices

  • Disconnect WPVibe from a site: remove the site in WPVibe or revoke the WPVibe Application Password in WordPress under Users > Profile > Application Passwords.
  • Control ChatGPT app access: manage or disconnect WPVibe from ChatGPT in ChatGPT’s app or connector settings. OpenAI’s settings govern ChatGPT conversation retention, model-improvement choices, and app permissions.
  • Review before risky actions: WPVibe may require explicit browser approval before destructive or high-risk WordPress operations. You can approve, decline, or let the approval link expire.
  • Limit tool outputs: ask for specific fields, use narrow REST routes or WP-CLI commands, and avoid broad database or user-list queries unless needed.
  • Delete or edit WordPress content: use your WordPress admin, WPVibe tools, or your hosting provider to remove drafts, media, theme files, posts, pages, comments, users, backups, or other site data on your own WordPress site.
  • Cookies and analytics: configure your browser to block cookies or use available analytics opt-out tools. Some parts of the Service may not function properly without cookies.
  • Account requests: contact us to request access, correction, deletion, export, or restriction of WPVibe account data, subject to legal and security limits.

Security

We use technical and organizational safeguards designed to protect information, including HTTPS, encrypted storage for WordPress Application Passwords, scoped authorization flows, approval workflows for risky actions, access controls, and monitoring for errors and abuse. No online service can guarantee absolute security. You are responsible for the permissions you grant to WPVibe, the data stored on your WordPress site, and the prompts or tool requests you send through your AI client.

Cookies

WPVibe uses cookies and similar technologies to keep you signed in, protect OAuth and authorization flows, remember preferences, and understand website usage. Google Analytics may also use cookies for website analytics. You can configure your browser to refuse cookies, though some parts of the Service may not function properly without them.

Aggregated statistics

We may publish aggregated, non-identifying statistics about use of the Service. Such statistics do not directly identify an individual user.

International processing

We and our service providers may process information in the United States and other countries where we or they operate. Those countries may have privacy laws different from where you live.

Your rights under GDPR and other privacy laws

Depending on where you live, you may have rights to access, correct, delete, restrict, port, or object to certain processing of your personal information, and to withdraw consent where processing is based on consent. To exercise these rights, contact us at the address below. We may need to verify your request and may retain information where required or permitted by law, for security, fraud prevention, billing, dispute resolution, or other legitimate purposes.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn we have collected such information, we will delete it.

Business transfers

If WPVibe or substantially all of its assets are acquired, merged, financed, reorganized, or sold, user information may be among the assets transferred, subject to this policy or a policy with materially similar protections.

Changes to this policy

We may update this Privacy Policy from time to time. The effective date above shows when this policy was last updated. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact

Questions or privacy requests can be sent to [email protected].