Skip to content

Legal

Privacy Policy

Last updated: May 16, 2026

What VibeCodeGuard collects

VibeCodeGuard collects the email address you use for magic-link login, session metadata such as IP address and user agent, public URLs you submit for scanning, target type, selected scan tier, scan status, detected technologies, findings, report metadata, and credit or payment records. For Premium AI-agent scans, VibeCodeGuard may also store the selected framework and redacted runtime metadata such as non-secret tool, MCP, channel, or deployment labels that you provide.

How scanning works

VibeCodeGuard scans only publicly reachable URLs you submit. The scanner may fetch pages, headers, JavaScript bundles, common exposed-file paths, SSL metadata, and public API responses needed to evaluate security checks. VibeCodeGuard does not require source-code access or credentials for private infrastructure.

AI-agent runtime checks are bounded public-surface probes. VibeCodeGuard does not execute your agent tools, submit prompts to third-party agents, call MCP actions, or intentionally trigger email, file, browser, shell, purchase, or scheduling operations.

Sensitive data

Do not submit secrets, API keys, production credentials, private prompts, customer records, memory dumps, or raw logs in scan forms. VibeCodeGuard redacts common secret-shaped fields from AI-agent metadata, but you are responsible for keeping submitted context minimal and non-sensitive.

Payments

Payments and no-charge free-scan registrations are processed by Stripe. VibeCodeGuard stores Stripe customer, checkout, payment, setup, and purchase identifiers, payment status, amount, currency, related scan or credit metadata, and a hashed Stripe card fingerprint used only to limit the included free scan to one account. VibeCodeGuard does not store full card numbers or card verification codes.

Emails, logs, and providers

VibeCodeGuard sends magic links, payment notifications, and scan completion emails through the configured email provider. Operational logs and error reports may include scan IDs, route names, status codes, and sanitized metadata used to debug the service.

Cookies and sessions

VibeCodeGuard uses a session cookie to keep you signed in. Session records include an expiration time and may include IP address and user-agent metadata for account security and troubleshooting.

Deletion and support

Account and report deletion is handled by email request today; a self-service control is not yet available. Contact hello@vibecodeguard.com with the email address on your account and any scan IDs you want reviewed.