Privacy Policy

Last updated: March 21, 2026

1. Introduction

VattheBest, a product of Aviera Labs ("we", "our", or "us"), operates the website located at https://vatthebest.com (the "Site"). This Privacy Policy describes our practices regarding the collection, use, storage, sharing, and protection of your personal information when you access or use our Site and related services.

By using our Site, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Site.

2. Information We Collect

2.1 Information You Provide

Newsletter subscription — email address when you subscribe to receive updates
Tool submissions — tool name, URL, description, category, pricing model, and your email address when you submit an AI tool for listing
Admin account — email and password for admin users (hashed, never stored in plain text)
Contact communications — any information you provide when contacting us via email

2.2 Information Collected Automatically

Usage data — pages visited, tools viewed, search queries, tools clicked, upvote activity, filter usage, scroll depth, time on page
Device information — browser type and version, operating system, screen resolution
Network information — IP address, approximate geographic location (country-level via CloudFront headers), referral URL
Click tracking — when you click "Visit" on a tool, we log the tool name, timestamp, referrer, and user agent for analytics

2.3 Information We Do NOT Collect

Passwords of site visitors (admin passwords are bcrypt-hashed)
Payment or financial information
Social Security numbers or government IDs
Precise geolocation data
Biometric data
Data from minors under 13 years of age

3. How We Use Your Information

Site operation — to display tools, process searches, render pages, and maintain functionality
Newsletter delivery — to send periodic emails about new AI tools, updates, and curated picks (only if you subscribe; you can unsubscribe at any time)
Tool submission review — to evaluate, approve, edit, or reject submitted AI tools
Analytics and improvement — to understand how users interact with the Site, identify popular tools, optimize search, and improve user experience
Monetization — to track affiliate link clicks and measure revenue from tool referrals
Security — to detect abuse, enforce rate limits, prevent spam upvotes, and protect against unauthorized access
Legal compliance — to comply with applicable laws, regulations, or legal requests

4. Cookies, Tracking, and Local Storage

4.1 Google Analytics

We use Google Analytics 4 (GA4) to collect anonymous usage statistics. GA4 may set cookies on your browser to distinguish unique users and throttle request rates. Data collected includes page views, session duration, traffic sources, device type, and user interactions (tool clicks, search queries, upvotes).

Google Analytics data is processed by Google LLC. For more information, see Google's Privacy Policy and Google Analytics Data Practices.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.2 Local Storage

We use browser localStorage to store your upvote history (which tools you've upvoted) to prevent duplicate voting. This data stays on your device, is not transmitted to our servers, and contains no personal information. You can clear it at any time via your browser settings.

4.3 Session Cookies

Admin authentication uses secure HTTP-only session cookies managed by NextAuth.js. These cookies are essential for admin panel functionality and contain no personal information beyond a session identifier.

4.4 No Advertising Cookies

We do not use advertising cookies, retargeting pixels, or any form of cross-site tracking. We do not participate in ad networks or sell/share data for advertising purposes.

5. Affiliate Links and Third-Party Services

Our Site contains links to third-party AI tools and services. Some of these are affiliate links, meaning we may earn a commission if you make a purchase through them, at no additional cost to you. Affiliate links are marked with rel="sponsored" in the HTML.

When you click any external link, you leave our Site and become subject to that third party's privacy policy and terms. We have no control over and assume no responsibility for the content, privacy practices, or data collection of external websites.

Third-party services we integrate with:

Google Analytics (analytics) — Google LLC, USA
YouTube (embedded demo videos) — Google LLC, USA
AWS (hosting and database) — Amazon Web Services, USA

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

Service providers — with AWS (hosting) and Google (analytics) as described above, solely for the purpose of operating the Site
Legal requirements — if required by law, subpoena, court order, or governmental request
Protection of rights — to protect the rights, property, or safety of VattheBest, our users, or the public
Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity

7. Data Retention

Newsletter subscribers — email addresses are retained until you unsubscribe or request deletion
Tool submissions — retained indefinitely for review and historical record
Click events — retained for 12 months for analytics, then aggregated or deleted
Usage data (Google Analytics) — retained according to Google's data retention settings (default 14 months)
Admin accounts — retained as long as the account is active
Rate limiting data — IP-based rate limit counters are held in memory and automatically expire within minutes

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 General Rights

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate personal data
Deletion — request deletion of your personal data (email from subscriber list, tool submissions)
Opt-out — unsubscribe from newsletters or opt out of analytics tracking
Data portability — request your data in a machine-readable format

8.2 For EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

Our legal basis for processing personal data includes: consent (newsletter), legitimate interests (analytics, security), and contract performance (tool submission review).

8.3 For California Users (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your information, and opt out of the sale of your information. We do not sell personal information.

8.4 For Indian Users

If you are located in India, your data is processed in accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. You have the right to access, correct, and erase your personal data.

To exercise any of these rights, contact us at contact@avieralabs.com. We will respond within 30 days.

9. Data Security

We implement the following security measures to protect your data:

HTTPS/TLS encryption — all data transmitted between your browser and our servers is encrypted
Security headers — Content-Security-Policy, X-Frame-Options, HSTS, X-Content-Type-Options, and more
Password hashing — admin passwords are hashed using bcrypt with a cost factor of 12
Rate limiting — API endpoints are rate-limited to prevent abuse (upvotes: 30/min, subscribe: 5/min, clicks: 60/min)
Database security — RDS database is within a VPC with restricted access. Input validation via Zod schemas prevents injection attacks
Admin authentication — admin panel protected by NextAuth.js middleware with JWT session tokens

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

10. International Data Transfers

Our servers are located in the United States (AWS us-east-1 region). If you are accessing the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Site, you consent to this transfer.

11. Children's Privacy

Our Site is not intended for children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

12. Do Not Track Signals

Our Site does not currently respond to "Do Not Track" (DNT) browser signals. However, you can opt out of Google Analytics tracking using the opt-out browser add-on linked above.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make changes, we will update the "Last updated" date at the top of this page. Material changes will be communicated via a prominent notice on the Site. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@avieralabs.com
Website: https://vatthebest.com