Back to Legal

Privacy Policy

Last updated: February 2025

TL;DR

  • • Scans run locally on your machine. Your code doesn't leave your device.
  • • Patching uses your LLM provider with your API key. We don't see your code.
  • • We collect minimal data: account info for Pro users, basic analytics.
  • • We don't sell your data. Ever.

1. What Data We Collect

When You Use the CLI (Free)

VibeGuard is a local-first CLI. When you run vibeguard scan, the scan happens entirely on your machine. Your source code, findings, and reports stay local.

We may collect anonymous usage telemetry (command frequency, error rates) to improve the product. This contains no code, no file paths, no identifying information. You can opt out.

When You Create an Account (Pro)

If you sign up for Pro, we collect:

  • Email address
  • Payment information (processed by Stripe, we don't store card numbers)
  • License activation data

When You Use Patching

The patch feature uses your LLM provider (OpenAI, Anthropic, etc.) with your API key. Relevant code context is sent to your chosen provider according to their privacy policy - not ours. We never see this data.

When You Visit Our Website

Standard web analytics: page views, referrer, device type. No personal tracking. See our Cookie Policy for details.

2. How We Use Your Data

  • Account management and authentication
  • License validation for Pro features
  • Product improvement (via anonymized telemetry)
  • Communicating product updates (you can unsubscribe)

3. What We Don't Do

  • We don't sell your data
  • We don't scan your code in the cloud
  • We don't access your LLM provider conversations
  • We don't share data with third parties except as needed for service delivery

4. Data Storage and Security

Account data is stored in secure cloud infrastructure with encryption at rest and in transit. We follow industry-standard security practices. For details, see our Trust page.

5. Your Rights

You can:

  • Request a copy of your data
  • Request deletion of your account
  • Opt out of marketing communications
  • Opt out of telemetry

Email privacy@vibeguard.co for any requests.

6. GDPR and CCPA

If you're in the EU or California, you have additional rights under GDPR/CCPA. We honor all data subject requests. Contact us and we'll respond within 30 days.

7. Children's Privacy

VibeGuard is not intended for users under 16. We don't knowingly collect data from children.

8. Changes to This Policy

We'll notify you of significant changes via email or in-product notification. Minor updates will be posted here with an updated date.

9. Contact

Questions? Email privacy@vibeguard.co