Privacy Policy
Last updated: April 10, 2026
What VibeDrift Does
VibeDrift is a drift detection tool that scans a codebase for deviation from its own dominant patterns. It is not a code quality score. It runs as a CLI on your machine and optionally connects to our cloud API for AI-powered deep analysis. Your code never leaves your machine. After each scan the CLI sends a small anonymous usage beacon, on by default for everyone whether you are signed in or not, and it checks npm about once a day for updates. You can turn both off; see "Data We Collect" below.
Data We Collect
Free (local) scans: Your code never leaves your machine. The analysis runs entirely locally; no source code, file contents, or file paths are ever sent. After each scan the CLI does send a small anonymous usage beacon (language, file count, lines of code, scan time, CLI version, finding count, and score, with no code, no file paths, and no identifiers), on by default for everyone whether signed in or not. Turn it off with vibedrift telemetry disable (or set VIBEDRIFT_TELEMETRY_DISABLED=1), or run --local-only for a fully offline scan with zero network calls. The CLI also checks npm about once a day for updates, controlled by the same flags.
Deep scans (--deep): Function snippets (max 30 functions, 60 lines each) are sent to the VibeDrift API for ML analysis. Snippets are processed in memory and never stored. No full files, git history, environment variables, or secrets are transmitted.
Account: Email address (for authentication via Google OAuth or magic link). We store your email, plan type, and scan history (scores and findings, not source code).
Dashboard: Scan results (scores, findings, metadata) are stored in our database so you can view history and track progress. The HTML report is stored temporarily for sharing; you can delete it anytime.
Payments: Processed by Stripe. We never see or store your card number. Stripe handles all payment data under their own privacy policy.
Feedback: If you use `vibedrift feedback` or the dashboard widget, your message and (optionally) your email are stored so we can respond.
Contact form: Name, email, company, and message are stored when you submit the contact form.
Data We Do NOT Collect
- Your source code (no source code, file contents, or file paths are ever sent; the anonymous usage beacon carries only the aggregate metrics listed above)
- Git history or commit messages
- Environment variables or secrets
- File contents beyond function snippets (deep scan only)
- Personally identifiable usage analytics or tracking pixels (the usage beacon is anonymous and carries no identifiers)
- Cookies for advertising
How We Use Your Data
- Authenticate your account and manage your subscription
- Display your scan history on the dashboard
- Process AI analysis when you use --deep
- Respond to feedback and support requests
- Send transactional emails (receipts, password resets)
We do not sell your data. We do not share it with third parties except Stripe (payments) and Supabase (database hosting).
Data Storage
Account data and scan results are stored in Supabase (hosted on AWS in the US). Function snippets sent during deep scans are processed in memory on Fly.io servers and are not persisted.
Data Deletion
You can delete your account and all associated data from the dashboard Settings page. This permanently removes your user record, scan history, tokens, and any stored reports. The deletion is immediate and irreversible.
Cookies
We use a single authentication cookie (Supabase session) to keep you logged in. No tracking cookies, no analytics cookies, no third-party cookies.
Changes
We may update this policy as the product evolves. Material changes will be communicated via email to registered users.
Contact
Questions about privacy? Email sami.ahmadkhan12@gmail.com