Secure The Vibe← Back to site

Privacy Policy

Last updated: June 16, 2026

This Privacy Policy explains what information Secure The Vibe("we," "us") collects when you use the Service, how we use it, and the choices you have. By using Secure The Vibe, you agree to this policy.

1. Information we collect

Information you provide

  • Account email. When you create an account we store the email address you provide so we can identify your account and your scan history.
  • Scan targets. The website URLs and repository identifiers you submit to be scanned.

Information we generate

  • Scan results. The findings, scores, grades, and metadata produced when we scan a target you submit, saved to your history so you can review changes over time.
  • API keys. If you create an API key, we store only a hashed version of it (we cannot recover the original) plus its metadata.
  • Basic technical data. Limited request data such as IP address (used transiently for rate limiting and abuse prevention) and standard server logs.

Data on the targets you scan

When you run a scan, we fetch publicly available responses from the target you submitted — the same responses any visitor would receive. We store the resulting findings as described above. We never log in to your systems, never bypass authentication, and refuse to scan internal or private network addresses.

2. What we do not collect

During the free beta we do not collect payment information, and there is no card on file. We do not ask for a password (accounts are email-based). We do not knowingly collect information from anyone under 18.

3. How we use information

  • To provide, operate, secure, and improve the Service;
  • To save and display your scan history and dashboard;
  • To enforce rate limits and prevent abuse;
  • To respond to your support requests;
  • To comply with legal obligations.

We do not sell your personal information.

4. Cookies

We use a single, essential, HTTP-only session cookie to keep you signed in. It is cryptographically signed and is required for the Service to function. We do not use third-party advertising or cross-site tracking cookies.

5. Third parties

To deliver the Service we interact with third-party systems, including the OSV.dev vulnerability database and code hosts such as GitHub (for repository scanning), as well as the targets you ask us to scan. These are governed by their own privacy practices. We may also use infrastructure providers (e.g., hosting) that process data on our behalf under their terms.

6. Data retention & storage

We retain your account email, scan history, and API-key metadata for as long as your account is active or as needed to provide the Service. Because Secure The Vibe is in beta, data is stored in lightweight stores and could be reset during development; please do not treat your scan history here as a system of record.

7. Security

We take reasonable measures to protect your information — session cookies are signed, API keys are stored only as hashes, and scans are restricted from reaching private networks. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

8. Your choices & rights

You can sign out at any time and stop using the Service. To request access to, correction of, or deletion of your account data, email us at support@securethevibe.dev. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA; we will honor applicable requests.

9. International users

We may process and store information in countries other than your own. By using the Service you consent to such transfer, subject to applicable law.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by additional notice.

11. Contact

Questions or requests about your privacy? Contact us at support@securethevibe.dev.