Privacy Policy

VibeShield is a web application security scanning service. We operate the service available at vibeshield.com. For questions about this policy, contact us at privacy@vibeshield.com.

When you create an account, we collect your email address and a hashed version of your password. We never store your password in plain text.

When you run a URL scan, we record the target URL, the time the scan was run, and your IP address. This is required to enforce rate limits, prevent abuse, and generate your audit log.

When you upload source code for scanning, the uploaded ZIP archive is stored temporarily on our servers while the scan is in progress and is deleted once the scan completes. We do not retain your source code long-term.

We collect standard web server logs including IP addresses and user-agent strings for security and debugging purposes. Logs are retained for 30 days.

We use your email address to send you account-related notifications (password resets, scan alerts if you configure them). We do not send marketing emails without your explicit opt-in.

Scan results — findings, risk scores, and reports — are stored and associated with your account so you can access them from the dashboard. You can delete projects and their associated scan data at any time.

We do not sell your data to third parties. We do not use your scan data to train machine learning models.

If you use the free URL scan feature without logging in, we record your IP address to enforce the 3-scan limit. No account is created. Guest scan results are stored for 7 days and then automatically deleted.

Account data is retained as long as your account is active. You can request deletion of your account and all associated data at any time by emailing privacy@vibeshield.com.

Source code uploads are deleted immediately after a scan completes. Scan results (findings, scores) are retained until you delete the project.

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. We apply access controls so that only you can view your scan data.

If you discover a security vulnerability in VibeShield itself, please disclose it responsibly by emailing security@vibeshield.com.

VibeShield uses a single session token stored in your browser's localStorage to keep you logged in. We do not use tracking cookies or third-party analytics cookies.

We may update this policy from time to time. Material changes will be announced via the email address associated with your account. Continued use of the service after the effective date constitutes acceptance of the updated policy.