Privacy Policy

Last updated: June 16, 2026

This Privacy Policy explains what information VibeSec (the "Service") collects, how we use it, and the choices you have. We aim to collect as little as we need to run the Service.

1. Information we collect

• Account data: your email address, used for sign-in (magic links) and account-related messages.
• Scan inputs: the target URLs you submit and any scan options you choose, including your authorization attestation for active scans.
• Scan results: the findings produced by a scan (for example, missing headers, exposed files, detected technologies), stored so you can view your reports and history.
• Billing data: your plan, scan credits, and payment status. Payments are handled by our payment providers; we do not store your full card number.
• Technical data: standard server logs (such as IP address, timestamps, and error details) used to operate, secure, and debug the Service.

2. How we use your information

• To run scans you request and show you the results and history.
• To authenticate you, process payments, and enforce plan quotas.
• To operate, secure, debug, and improve the Service.
• To send essential account and transactional messages (such as sign-in links and scan notifications you enable).
• To comply with the law and enforce our Terms.

3. Service providers

We use trusted third parties to run the Service, and we share only what each needs to do its job:

• Vercel (application hosting)
• Neon (database)
• Upstash (job queue)
• Resend (transactional and sign-in email)
• PayPal and PayMongo (payment processing)
• Cloudflare (DNS)

These providers process data on our behalf under their own terms and privacy policies. We do not sell your personal data.

4. Payments

When you pay, you are redirected to PayPal or PayMongo, who collect and process your payment details directly. We receive only confirmation of payment and limited metadata (such as the plan purchased), not your full card information.

5. Data retention

We keep your account data and scan history while your account is active so you can access your reports. You can ask us to delete your account and associated data; see "Your rights" below. We may retain limited records where required for legal, accounting, or security purposes.

6. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS), access controls, and isolated scan workers. No system is perfectly secure, but we work to protect your information and to limit what we collect in the first place.

7. Your rights

You can request access to, correction of, or deletion of your personal data, and you can delete your account at any time. To make a request, email us at support@vibesecurity.uk. Depending on your location, you may have additional rights under applicable data-protection laws.

8. Cookies

We use a small number of strictly necessary cookies, primarily to keep you signed in. We do not use advertising or cross-site tracking cookies.

9. Children

The Service is not intended for children under 16, and we do not knowingly collect data from them.

10. International users

We operate from the Philippines and use service providers in various regions. By using the Service, you understand your data may be processed in countries other than your own.

11. Changes to this policy

We may update this Policy from time to time. We will update the date above and, for material changes, notify you where appropriate.

12. Contact

Questions or requests about your data? Email us at support@vibesecurity.uk.