Privacy Policy

Who we are

VibeSafely ("we", "us", "our") operates vibesafely.com, a read-only security and quality scanner for web applications. This Privacy Policy explains what information we collect when you visit our site or use the scanner, why we collect it, and the choices you have. It applies to vibesafely.com and the VibeSafely service; it does not apply to the third-party sites you choose to scan.

We act as the data controller for the personal information described here. If you have questions, the fastest way to reach us is the contact details at the end of this page.

Information we collect

We collect only what we need to run the scanner, bill paid plans and keep the service secure:

• Account information — your email address, your name if you provide one, and a securely hashed password. We never store your password in plain text.
• Scan data — the target URLs you submit, the projects you create, and the results we generate (findings, evidence snippets, severity grades and the pages we fetched). Because our checks are read-only, this is data your target already serves publicly to any visitor.
• Payment information — handled by our payment processor, Stripe. We receive confirmation of your subscription status and the last digits/brand of your card, but we never see or store your full card number.
• Usage and analytics data — privacy-respecting, aggregated events such as which pages you view and which features you use, so we can understand and improve the product.
• Technical data — your IP address, browser and device type, and similar request metadata, used for security, abuse prevention and debugging.
• Communications — the contents of any message you send us by email or support form.

How we use your information

• To provide the service — run scans, store your projects and reports, and show you results.
• To operate your account — authenticate you, manage subscriptions, and send service emails (scan alerts, receipts, security notices).
• To improve VibeSafely — analyze aggregated usage to fix issues and prioritize features.
• To keep the service secure — detect, investigate and prevent abuse, fraud and unauthorized scanning.
• To comply with law — meet our legal, tax and accounting obligations.

Legal bases for processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases: performance of our contract with you (providing the service you signed up for); our legitimate interests (securing and improving the product, preventing abuse), balanced against your rights; your consent, where we ask for it (for example, non-essential analytics cookies), which you may withdraw at any time; and compliance with our legal obligations.

Cookies and similar technologies

We use a small number of cookies. Strictly necessary cookies keep you signed in and protect the session; these cannot be turned off without breaking the site. Where we use any non-essential analytics cookies, we rely on your consent and you can decline them. We do not use advertising or cross-site tracking cookies.

How we share information

We do not sell your personal information. We share it only with the service providers that help us run VibeSafely, and only as needed:

• Payment processing — Stripe, to take payments and manage subscriptions.
• Infrastructure and hosting — the cloud providers that host the application and store your data.
• Email delivery — our transactional email provider, to send account and alert emails.
• Product analytics — our analytics provider, to process aggregated usage events.
• Legal and safety — authorities or advisors where we are legally required, or to protect our rights, users and the public.
• Business transfers — a successor entity, if VibeSafely is involved in a merger, acquisition or sale of assets, under the terms of this policy.

Data retention

We keep account information for as long as your account is active, and scan reports for as long as you keep the corresponding project (or per your plan’s history window). When you delete a project, its reports are removed from active systems; when you close your account, we delete or anonymize your personal data within a reasonable period, except where we must retain limited records to meet legal, tax or security obligations.

How we protect your data

We encrypt data in transit, hash passwords, restrict access to authorized personnel on a need-to-know basis, and design the scanner to be read-only — it never writes to, deletes from or submits credentials to the sites you scan. No system is perfectly secure, but we work to protect your information with safeguards appropriate to its sensitivity.

International data transfers

We and our service providers may process your information in countries other than your own. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

Your rights

Depending on where you live, you may have the right to access the personal data we hold about you, correct it, delete it, export a portable copy, object to or restrict certain processing, and withdraw consent you previously gave. To exercise any of these, contact us using the details below; we will respond within the time required by applicable law. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

California privacy rights

If you are a California resident, you have the right to know what personal information we collect and how we use it (described above), to request access and deletion, and not to be discriminated against for exercising these rights. We do not sell or share your personal information as those terms are defined under California law.

Children

VibeSafely is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.

Third-party sites you scan

You may only scan sites you own or are explicitly authorized to test — this is enforced in the product and required by our terms. We are not responsible for the content or privacy practices of the sites you point the scanner at, or of any external sites we link to.

Changes to this policy

We may update this policy as the product and the law evolve. When we make material changes, we will update the date above and, where appropriate, notify you. Continued use of VibeSafely after a change means you accept the revised policy.