Privacy Policy

Last updated: May 22, 2026

VibeScan (“we”, “us”, “our”) operates vibe-scan.app. This policy describes what data we collect when you use VibeScan and how we use it.

What we collect

Scan inputs

When you run a URL scan, we fetch and analyze the public surface of the URL you submit. The URL and aggregate scan results (finding categories, severity counts) are stored in our database to power the scan history and statistics features. We do not store the full content of scanned pages.

AI prompt and lockfile scans

Text payloads submitted for AI prompt or lockfile scans are processed to generate findings and then discarded. We store the findings (check names, severity, descriptions) but not the raw input text you submitted.

Account data

If you create an account or purchase a paid scan, we store your email address. Payments are processed by Stripe. We do not store payment card details.

Usage data

We collect standard server logs (IP address, request path, timestamp, response code) for rate limiting, abuse prevention, and debugging. These logs are retained for 30 days.

What we do not collect

  • We do not require GitHub access or any OAuth connection to your repositories.
  • We do not store secrets or API keys found during scans — only the finding metadata (type, severity, affected resource).
  • We do not sell or share your data with third parties for advertising purposes.
  • We do not track you across other websites.

How we use your data

  • To run your security scans and return results.
  • To display your scan history if you have an account.
  • To compute aggregate statistics (total scans, finding counts by severity) shown on the homepage. These are anonymous totals — no individual scan data is exposed.
  • To prevent abuse via rate limiting.
  • To send you scan reports or account notifications if you opt in with your email.

Third-party services

Supabase — database and authentication. Data is stored in Supabase's managed Postgres.

Stripe — payment processing. Card data never touches our servers.

Vercel — hosting and CDN. Requests pass through Vercel's infrastructure.

Anthropic / OpenAI — AI models used to analyze scan results and generate fix guidance. Scan payloads sent to these services are not used to train their models per our API agreements.

Data retention

Scan results are retained indefinitely for users with accounts so you can access your history. For anonymous scans, results are retained for 90 days. You can request deletion of your data at any time by emailing support@vibe-scan.app.

Your rights

You can request access to, correction of, or deletion of your personal data at any time. To make a request, email support@vibe-scan.app. We will respond within 30 days.

Contact

Questions about this policy: support@vibe-scan.app