VibeTrace is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, and how we use and protect it. By using our service, you agree to the practices described in this policy.
2. Data We Collect
We collect only what is necessary to provide the service:
Email address — collected via GitHub or Google OAuth, or directly on signup. Used to log in and communicate with you about your account and scan results.
GitHub username and repository names — collected when you connect your GitHub account. We do not collect or store your source code.
Scan results — vulnerability metadata including issue type, severity, file path, and line number. Never the underlying code.
Payment information — handled entirely by Stripe. We never see or store your card details.
3. What We Do NOT Store
We take your code privacy seriously:
We clone your repository temporarily for the purpose of scanning and delete it immediately after the scan completes.
No source code is ever retained on our servers.
We do not index, train models on, or share your code with third parties.
4. How We Use Your Data
To provide the VibeTrace scanning service and deliver scan reports.
To send you notifications about your scans and account.
To process payments via Stripe.
To improve our vulnerability detection rules and overall service quality.
To comply with legal obligations.
We do not sell your personal data to third parties.
5. Data Retention
Account data and scan results are retained for as long as your account is active. If you request deletion of your account, your personal data will be permanently deleted within 30 days of the request. Aggregated, anonymised statistics may be retained for service improvement purposes.
6. Third-Party Services
We use the following third-party services to operate VibeTrace:
Stripe — payment processing.
GitHub OAuth — authentication and repository access.
Google OAuth — authentication.
Each of these services has its own privacy policy governing how it handles your data.
7. Your Rights (UK GDPR)
Under UK GDPR, you have the following rights regarding your personal data:
Right of access — request a copy of the data we hold about you.
Right to rectification — request correction of inaccurate data.
Right to erasure — request deletion of your data.
Right to data portability — request your data in a structured, machine-readable format.
Right to object — object to processing of your data in certain circumstances.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice within the platform. Your continued use of VibeTrace after changes take effect constitutes your acceptance of the updated policy.
9. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].