Privacy Policy

1. Introduction

Welcome to VibeCheck AI ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at vibecheck.ai (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in using GitHub OAuth, we collect your GitHub username, email address, and profile picture.
• Contact Information: When you contact us through our contact form, we collect your name, email address, and message content.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card details.

2.2 Repository Scan Data

• Public Repositories: When you scan a public repository by URL, we analyze the publicly available code files to generate recommendations.
• Uploaded Files: When you upload a ZIP file for scanning, we temporarily process the files to generate recommendations. Uploaded files are deleted after processing.
• Scan Results: We store scan results and metadata (repository name, scan date, summary of findings) to provide scan history functionality.

2.3 Automatically Collected Information

• Usage Data: We collect information about how you interact with our Service, including pages visited, features used, and time spent on the platform.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies: We use essential cookies for authentication and session management. See Section 8 for more details.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Service
• Process repository scans and generate recommendations
• Manage your account and provide customer support
• Process payments and manage subscriptions
• Send important notices about our Service
• Improve and personalize your experience
• Analyze usage patterns to improve our Service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Data Retention

We retain your personal information for as long as necessary to:

• Account Data: Retained while your account is active. You can request deletion at any time.
• Scan History: Stored according to your subscription tier (free users: 5 scans, paid users: unlimited). You can delete individual scans or request full deletion.
• Uploaded Files: Deleted immediately after processing is complete.
• Contact Form Submissions: Retained for up to 2 years for support purposes.
• Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement.

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

• GitHub: For OAuth authentication and accessing public repository data.
• Supabase: For database hosting and user authentication.
• Stripe: For payment processing (if you have a paid subscription).
• Vercel: For hosting and content delivery.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal information to third parties.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request a copy of your data in a structured, machine-readable format.
• Restriction: Request restriction of processing of your personal data.
• Objection: Object to processing of your personal data for certain purposes.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@vibecheck.ai.

7. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

• Contract Performance: Processing necessary to provide you with our Service (e.g., account creation, repository scanning).
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our Service, fraud prevention), where not overridden by your rights.
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal Obligation: Processing necessary to comply with legal requirements.

International Data Transfers

Our Service is hosted in the United States. If you access our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

Right to Lodge a Complaint

If you are an EEA resident and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

8. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication and session management. The Service cannot function properly without these.
• Preference Cookies: Remember your settings and preferences (e.g., theme selection).
• Analytics Cookies: Help us understand how visitors interact with our Service to improve user experience.

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our Service.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using HTTPS/TLS
• Secure storage with encrypted databases
• Regular security assessments and updates
• Access controls and authentication requirements

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete the information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice (such as email notification) where required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

You can also reach us through our Contact Page.

13. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell your personal information. If this changes, you will have the right to opt-out of such sales.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@vibecheck.ai or submit a request through our Contact Page.