Privacy Policy
Effective Date: March 28, 2026
This policy explains how we collect, use, and protect your personal information when you use our website and services.
Data Controller
Controller: Jan Voldán ("Vibecodiq", "we", "us"). Contact: info@vibecodiq.com
Code Scanning — How We Handle Your Code
This is the most important section for most users. Depending on how you use Vibecodiq:
- CLI scan (local): Your source code never leaves your machine. The CLI runs entirely locally. Only scan metadata is sent to our API — check IDs, pass/fail results, relative file paths, and line numbers. No source code, no file contents, no string literals, no secrets are transmitted.
- Web scan (GitHub URL): When you paste a GitHub URL, our API performs a shallow clone (git clone --depth 1) into a temporary directory. The CLI scanner runs against this clone. Immediately after the scan completes, the repository is deleted (rm -rf). Only scan metadata (check results, relative paths) is stored — not source code.
- Launch Readiness Assessment: You provide read-only GitHub access. We access your repository solely to conduct the assessment. Access is revoked after delivery. We store only the scan findings — not your source code.
Information We Collect
- Contact information (name, email) — when you submit the contact form or request a service
- Scan metadata — check IDs, results (PASS/FAIL), relative file paths, and line numbers (no source code)
- GitHub account information — if you sign in with GitHub OAuth (username, email, profile); required only for the dashboard
- Usage data — aggregated, anonymized analytics via Plausible (no personal data, no cookies, no cross-site tracking)
How We Use Your Information
- To provide our services (scanning, assessment, fix delivery)
- To communicate with you about your project or enquiry
- To generate and deliver scan reports and shareable URLs
- To improve our services using aggregated, anonymized scan metadata
Third-Party Services
- Vercel — website hosting and delivery (EU/US)
- Supabase — database for scan results and user accounts
- Formspree — contact form processing (receives your email and message)
- Plausible Analytics — privacy-focused, cookieless website analytics. No personal data collected. GDPR-compliant by design. Hosted in the EU.
We do not use advertising trackers or behavioral profiling, and we do not sell your data to any third party.
Vibecodiq will not use your submitted code to train AI/ML models without your explicit written permission.
Legal Basis (GDPR)
- Contract performance — when you request a service, we process data to deliver it
- Legitimate interest — for website analytics (Plausible) and aggregate service improvement using anonymized scan metadata
- Consent — when you voluntarily submit a contact form
Data Retention
- Repository code: never stored. Web scan clones deleted immediately after scan.
- Scan metadata (results): retained until you delete your account, or up to 2 years
- Contact form submissions: retained for the duration of the business relationship
- GitHub access: revoked immediately after assessment delivery
- Plausible analytics: aggregated, no personal data, retained indefinitely
You may request deletion of your data at any time by emailing us.
International Transfers
Our services use infrastructure in the EU and US (Vercel, Plausible in EU). If data is transferred outside the EEA, appropriate safeguards are used in accordance with GDPR requirements.
Cookies
We do not use marketing or tracking cookies. Plausible Analytics is cookieless. Only technical cookies necessary for session management (GitHub OAuth) may be set during authenticated use.
Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Request correction or deletion of your data
- Withdraw consent for data processing
- Request a portable copy of your data
- Object to or restrict processing
- Lodge a complaint with a data protection authority (Czech DPA: ÚOOÚ — uoou.cz)
Data Processing Agreement
If you submit repositories that contain personal data of your users, Vibecodiq may act as a data processor. A Data Processing Agreement (DPA) is available upon request at info@vibecodiq.com.
Governing Law
This policy is governed by the laws of the Czech Republic and applicable EU regulations, including the General Data Protection Regulation (GDPR).
Contact
Questions about this policy or data requests: info@vibecodiq.com