Privacy Policy

Effective date: June 6, 2026

What we collect

We collect the following information when you use vibe-safe-ai:

• GitHub OAuth token — stored temporarily and permanently deleted from our database immediately after your scan completes.
• GitHub username and avatar — obtained via GitHub OAuth and used to identify your account.
• Email address — obtained from your GitHub OAuth profile and used only to send you the scan-complete notification email.
• Stripe payment data — processed entirely by Stripe. We never store your card details.
• Scan results — security findings from your repository are stored in our database and linked to your account.

How we use it

We use your data solely to:

• Run security scans on the repository you selected.
• Send you the scan-complete notification email.
• Display your purchase history and scan credits.

We do not sell or share your data with third parties.

Data retention

GitHub tokens are permanently deleted from our database immediately after each scan completes, regardless of scan outcome. Scan reports are retained for 12 months. You may request deletion of your account and associated data at any time by emailing privacy@vibesecureai.com.

Third-party services

We use the following third-party services to operate vibe-safe-ai:

• GitHub — OAuth authentication and repository access.
• Stripe — payment processing.
• AWS — scan infrastructure (Lambda, SQS, S3).
• Supabase — database and authentication.
• Resend — email delivery.

Contact

For any privacy-related questions or data deletion requests, email privacy@vibesecureai.com.