Privacy Policy

Last updated: March 13, 2026

What we collect

When you use VibeCheck we collect only what is necessary to provide the service:

• Account information — If you sign in with Google, we receive your name and email address from Google OAuth.
• Repository data — We clone the public repository URL you provide, analyze it in memory, and delete the clone after the audit completes. We do not store your source code.
• Audit results — Findings, scores, and generated reports are stored so you can access them later.
• Usage data — Basic analytics such as page views and IP addresses for rate limiting. We do not use third-party trackers.

How we use your data

• To run code audits and generate reports.
• To enforce usage limits and prevent abuse.
• To improve the service.

Third-party services

We use the following third-party services to operate VibeCheck:

• Supabase — Authentication and database hosting.
• OpenAI — Finding descriptions are rewritten using OpenAI's API. Only finding metadata (category, title, file path, code snippet) is sent — never your full source code.
• Stripe — Payment processing (when paid plans are available).
• Vercel — Hosting and deployment.

Data retention

Audit reports are retained indefinitely while your account is active. You may request deletion of your data at any time by contacting us.

Contact

If you have questions about this policy, please reach out at support@vibecheck.dev.