[LEGAL]

PRIVACY POLICY

Last updated: February 2, 2025

1. Information We Collect

When you use VibeScanner, we collect the following information:

  • Account Information: Email address, name (if provided via GitHub)
  • GitHub Data: GitHub user ID, username, and repository access (read-only)
  • Scan Data: URLs of websites scanned, scan results, and security findings
  • Payment Information: Processed securely by Stripe (we do not store card details)
  • Usage Data: Pages visited, features used, and interaction patterns

2. How We Use Your Information

  • To provide and improve our security scanning services
  • To authenticate your account and maintain security
  • To process payments and manage subscriptions
  • To send service-related communications
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

3. Code & Repository Handling

We take your code security seriously:

  • Repository code is cloned temporarily for scanning purposes only
  • Code is processed in memory and deleted immediately after scanning
  • We never permanently store your source code
  • Scan results (vulnerability reports) are stored to provide history features

4. Payment Processing

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store credit card numbers, CVV codes, or other sensitive payment details on our servers. Please review Stripe's Privacy Policy for more information.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Stripe (payments), hosting providers
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or sale of assets

6. Cookies

We use essential cookies to maintain your session and remember your preferences. For more details, see our Cookie Policy.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected].

8. Data Retention

We retain your account data as long as your account is active. Scan history is retained according to your plan (7 days for Free, 90 days for Solo, 1 year for Team/Agency). You can request deletion of your account and associated data at any time.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and regular security audits.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or concerns:
Email: [email protected]