1. Introduction
VibeGuard ("we", "us", or "our") is operated by CeciArt Consulting Ltdand provides an AI-powered code quality scanner at vibeg.io ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.
This policy applies to users in the UK, European Union, and worldwide. Where UK GDPR or EU GDPR applies, CeciArt Consulting Ltd is the Data Controller.
2. Information We Collect
2.1 Code Submitted for Analysis
When you use the scanner, the code you submit is sent to our servers for analysis. On the Free tier, scan results are stored only in your browser's localStorage and are not retained on our servers beyond the processing of the request.
On Pro and Team tiers, scan results (but not the raw code) may be stored encrypted on our servers to power your scan history and team features.
We never use your code to train AI models.
2.2 Account Information
If you create an account, we collect your email address and any profile information you provide. We may use this to send transactional emails, product updates, and billing notifications.
Lawful basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.3 Payment Information
Payment is processed by Stripe. We do not store your card details.
Lawful basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.4 Usage Data
We collect anonymised usage data such as pages visited, features used, scan language, and error rates. This helps us improve the Service. We do not sell this data to third parties.
Lawful basis: Legitimate interests (Article 6(1)(f) UK GDPR) — specifically, improving service quality and preventing abuse.
2.5 Cookies & Local Storage
We use browser localStorage to persist scan results and user preferences on the Free tier. We may use cookies for session management on authenticated tiers. We use analytics tools (including Microsoft Clarity) to understand how users interact with the Service. You will be asked for consent for non-essential cookies where required by law.
3. How We Use Your Information
- To provide and improve the code scanning Service
- To process and complete your scan requests
- To send you transactional emails (receipts, account alerts)
- To respond to support requests
- To detect and prevent fraud or abuse
- To comply with legal obligations
We will not send you marketing emails without your consent.
4. Data Storage & Security
Your data is stored on servers in the European Union and/or the United States. We employ industry-standard security measures including encryption in transit (TLS 1.2+) and at rest, access controls, and regular security audits.
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Third-Party Processors
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI analysis of submitted code | Code content (transient, not retained) |
| Vercel | Hosting and infrastructure | Usage data, IP addresses |
| Stripe | Payment processing on paid tiers | Billing information (no code data) |
| Microsoft Clarity | Session replay, heatmaps, usage analytics | Anonymised session recordings, scroll/click behaviour |
All processors are contractually bound to protect your data and are only authorised to process your data for the purposes of providing their services to us.
6. Data Retention
- Free tier scan data: Exists only in your browser until you clear it. Server-side processing logs retained up to 30 days.
- Pro/Team tiers: Scan metadata retained for the duration of your subscription plus 90 days after cancellation.
- Account data: Retained until account deletion, plus 30 days.
- Payment records: Retained as required by law (typically 7 years for UK financial records).
7. International Transfers
Your data may be processed in the United States and/or European Union by our third-party processors. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions as applicable.
8. Your Rights (UK GDPR / EU GDPR)
You have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate or incomplete data
- Erasure ("right to be forgotten") where processing is no longer necessary
- Restriction of processing in certain circumstances
- Data portability in a structured, machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time where consent is the lawful basis
To exercise any of these rights, contact us at privacy@vibeg.io. We will respond within one calendar month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (UK) or your local supervisory authority (EU).
9. Your Rights (CCPA / CPRA — California Residents)
California residents have the right to:
- Know what personal information we collect, use, and share
- Delete personal information (subject to certain exceptions)
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your rights
To exercise these rights, contact us at privacy@vibeg.io.
10. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected such information, please contact us at privacy@vibeg.io and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date at least 30 days before material changes take effect. Continued use of the Service after changes constitutes acceptance.
12. Contact
Questions about this policy or to exercise your rights:
CeciArt Consulting Ltd