Privacy Policy

Last updated: April 10, 2026

What VibeDrift Does

VibeDrift is a code quality tool that scans codebases for architectural drift. It runs as a CLI on your machine and optionally connects to our cloud API for AI-powered deep analysis.

Data We Collect

Free (local) scans: Nothing. Zero data leaves your machine. The scan runs entirely locally — no network calls, no telemetry, no analytics.

Deep scans (--deep): Function snippets (max 30 functions, 60 lines each) are sent to the VibeDrift API for ML analysis. Snippets are processed in memory and never stored. No full files, git history, environment variables, or secrets are transmitted.

Account: Email address (for authentication via Google OAuth or magic link). We store your email, plan type, and scan history (scores and findings, not source code).

Dashboard: Scan results (scores, findings, metadata) are stored in our database so you can view history and track progress. The HTML report is stored temporarily for sharing; you can delete it anytime.

Payments: Processed by Stripe. We never see or store your card number. Stripe handles all payment data under their own privacy policy.

Feedback: If you use `vibedrift feedback` or the dashboard widget, your message and (optionally) your email are stored so we can respond.

Contact form: Name, email, company, and message are stored when you submit the contact form.

Data We Do NOT Collect

  • Your source code (local scans never transmit anything)
  • Git history or commit messages
  • Environment variables or secrets
  • File contents beyond function snippets (deep scan only)
  • Usage analytics or tracking pixels
  • Cookies for advertising

How We Use Your Data

  • Authenticate your account and manage your subscription
  • Display your scan history on the dashboard
  • Process AI analysis when you use --deep
  • Respond to feedback and support requests
  • Send transactional emails (receipts, password resets)

We do not sell your data. We do not share it with third parties except Stripe (payments) and Supabase (database hosting).

Data Storage

Account data and scan results are stored in Supabase (hosted on AWS in the US). Function snippets sent during deep scans are processed in memory on Fly.io servers and are not persisted.

Data Deletion

You can delete your account and all associated data from the dashboard Settings page. This permanently removes your user record, scan history, tokens, and any stored reports. The deletion is immediate and irreversible.

Cookies

We use a single authentication cookie (Supabase session) to keep you logged in. No tracking cookies, no analytics cookies, no third-party cookies.

Changes

We may update this policy as the product evolves. Material changes will be communicated via email to registered users.

Contact

Questions about privacy? Email sami.ahmadkhan12@gmail.com