Privacy Policy
Last updated: April 2026
1. What we collect
When you install the VibingIQ GitHub App, we receive the repository contents you explicitly grant us access to, along with your GitHub account email and username. When you connect infrastructure credentials (database URLs, API keys, test logins), those are encrypted at rest with AES-GCM envelope encryption and never sent to a third-party LLM in plaintext.
2. How we use your code
Your code is used only to run the scans you request. Diffs and files are sent to our AI providers (Anthropic) to generate analyses. We do not train any model on your code. We do not share your code with any party outside the scan pipeline.
3. Retention
Scan results, issues, and fix plans are stored in our Supabase database until you delete them or close your account. Temporary working copies of your source used during a scan are removed immediately after the scan finishes.
4. Credentials
Test credentials (logins, invite codes, API keys) you save in the Test Environment are encrypted with a server-side master key and can only be decrypted inside the scan runner at execution time. We redact substituted values from persisted transcripts and logs.
5. Your rights
You can export or delete your data at any time by emailing hello@vibingiq.com. We honour GDPR and CCPA requests within 30 days.
6. Contact
Questions about privacy? Email hello@vibingiq.com.