Privacy
Privacy Policy
This Privacy Policy explains how personal data is processed on the Vibeperform website.
It reflects the services used on the website: consentmanager, Google Analytics, Google Calendar appointment booking, and a custom chat iframe connected to the Gemini API.
Last updated: 2 July 2026
1. Controller
The controller within the meaning of the GDPR is:
Codum GmbH
Zeller Str. 29
D-82067 Ebenhausen
Germany
VibePerform is a brand of Codum GmbH.
Managing director: Isabella Hoesch
Email: contact@vibeperform.com
2. Hosting via GitHub Pages
This website is hosted via GitHub Pages. The provider is GitHub, Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA.
When the website is accessed, technical access data is processed. This may include IP address, access time, requested URL, referrer, browser and operating system data.
The legal basis for operating the website is Art. 6(1)(f) GDPR. Our legitimate interest is the secure, stable and efficient delivery of our website.
Processing in the United States cannot be ruled out. The retention of technical log and security data depends on what is required for operation, security and legal obligations.
3. Consent management
We use a consent management tool from consentmanager. It is used to request and document consent and to block or enable services depending on your selection.
Processed data may include consent status, timestamps, technical identifiers and browser information. Legal bases are Art. 6(1)(c) GDPR for legal documentation obligations and Art. 6(1)(f) GDPR for technical consent administration. Where information is stored on or read from the device, Section 25 TDDDG also applies.
Consent data is retained according to the settings and contract terms in the consentmanager account.
4. Google Analytics
This website uses Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps us understand which content is used and how the website can be improved. Usage data, technical device information, shortened or otherwise processed IP addresses, page views and interactions may be processed.
The service is used only on the basis of consent where consent is required. Legal bases are Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn through the consent tool.
Google Analytics stores user-level and event-level data for 2 months by default; depending on the property setting, standard properties can be configured to 14 months. Aggregated reports may remain available for longer.
For Google services, transfers to third countries, including the United States, cannot be ruled out. According to Google, such transfers rely on safeguards such as standard contractual clauses or applicable adequacy mechanisms.
5. Appointment booking via Google Calendar
For booking a meeting, the website links to a Google Calendar booking page. When the booking page is opened and used, technical access data and the booking data you enter are processed.
If you book an appointment, we process the information required to prepare, conduct and follow up on the meeting. This may include name, email address, appointment time, organisation, request details and other voluntary information.
The legal basis is Art. 6(1)(b) GDPR where the booking relates to pre-contractual steps or collaboration; additionally Art. 6(1)(f) GDPR for efficient scheduling and communication.
Google Calendar appointments remain stored in the Google Workspace/Google account by default until we, an administrator or the applicable deletion and retention settings delete them. If Google Vault or custom retention rules are used, those rules take precedence.
6. Email contact
If you contact us by email at contact@vibeperform.com, we process your email address, the content of your message and related technical metadata.
The legal basis is Art. 6(1)(b) GDPR where your message concerns a contract or pre-contractual request; otherwise Art. 6(1)(f) GDPR because we have a legitimate interest in answering genuine inquiries.
7. Chat iframe connected to the Gemini API
The German home page embeds a custom chat snippet as an iframe. The chat provides AI-supported help for questions about Vibeperform.
When you use the chat, your inputs, conversation context, technical usage data and any contact details voluntarily entered may be processed. The chat is connected to the Gemini API; inputs may therefore be transmitted to Google services to generate a response.
Please do not enter confidential trade secrets, special categories of personal data under Art. 9 GDPR or data relating to third parties unless this is necessary and legally permitted.
The legal basis is Art. 6(1)(a) GDPR where the chat is loaded based on your active use or consent; Art. 6(1)(b) GDPR where the conversation serves pre-contractual steps; additionally Art. 6(1)(f) GDPR for providing an efficient information service. If the iframe stores or reads information on your device, Section 25 TDDDG also applies.
Technical logs of the chat service are stored according to the default retention periods of the Google Cloud services used. For Cloud Logging, standard log buckets typically retain logs for 30 days unless a different retention period is configured. For the Gemini API, prompts, responses and technical metadata may be stored under Google defaults for up to 55 days for abuse monitoring and service safety.
8. Retention
We store personal data only for as long as required for the respective purpose or by statutory retention obligations. Contact and booking data is deleted once the inquiry has been completed unless statutory retention or documentation obligations apply.
For GitHub Pages, consentmanager, Google Workspace/Calendar, Google Analytics, Google Cloud Run and the Gemini API, the provider defaults and account settings described above apply in addition.
Business correspondence and contractual records are retained according to statutory commercial and tax retention periods where such obligations apply.
9. Voluntary information and automated decisions
Using appointment booking, email contact and chat is voluntary. Without the required information, we cannot process the respective request.
No automated decision-making with legal or similarly significant effects takes place.
10. Your rights
Subject to the GDPR requirements, you have rights of access, rectification, erasure, restriction of processing, data portability and objection. Where processing is based on consent, you may withdraw that consent at any time with effect for the future.
You also have the right to lodge a complaint with a data protection supervisory authority.