⚠️ Please read carefully. This disclaimer defines the scope, limitations, and intended use of VibeClear's security audit services. Using our services does not guarantee your application is free from vulnerabilities or meets any specific security standard or regulatory requirement.
VibeClear provides security assessment services designed to identify common vulnerabilities in web applications built using AI-assisted coding tools. Our service is an educational and advisory tool — not a penetration test, security certification, compliance audit, or guarantee of security.
Our assessments are conducted against publicly accessible portions of your application only. We do not attempt to bypass authentication, exploit vulnerabilities, access private data, or conduct testing beyond passive observation of publicly available information.
What we do: Analyze what any member of the public could observe from your application's public-facing surface — HTTP headers, client-side JavaScript, public API endpoints, SSL configuration, and observable security patterns — and report on what we find.
Security is not a binary state. Our reports reflect findings at a specific point in time against a defined scope. We do not and cannot guarantee that our scan identifies every vulnerability, that your app is secure after implementing our recommendations, that no new vulnerabilities will be discovered after your scan, or that our findings represent a complete picture of your security posture.
The absence of a finding does not mean a vulnerability doesn't exist — it means we did not detect it within our assessment scope. Unknown vulnerabilities, vulnerabilities in authenticated areas, and business logic flaws may not be detectable through our service.
VibeClear is designed to be accessible to non-technical founders as an entry-level security review. It is not a substitute for:
If your application handles highly sensitive data, payment card information, or protected health information, or is subject to regulatory requirements, we strongly recommend engaging a qualified security firm for a comprehensive assessment in addition to using our service.
VibeClear's reports do not constitute compliance certification for any regulatory framework, including but not limited to GDPR, CCPA/CPRA, PCI DSS, HIPAA, SOC 2 Type I or II, ISO/IEC 27001, NIST Cybersecurity Framework, or FedRAMP.
Our service may be useful as a preparatory step, but is not a substitute for formal compliance assessment. If you require certification or evidence of compliance, engage a qualified compliance assessor or legal counsel.
Our recommendations are provided in good faith based on our assessment and represent generally accepted security best practices. However:
All findings are disclosed exclusively to the customer who commissioned the assessment. We do not publicly disclose, share, or publish specific vulnerability details for individual customers' applications.
We may use anonymized, aggregated patterns from assessments to improve our scanning methodology and publish general research about vulnerability patterns in AI-generated code. We will never publish information that identifies your specific application or organization.
If we discover evidence of an active breach or imminent threat to your users' data during an assessment, we will notify you immediately at the email provided in your intake form.
To the maximum extent permitted by law, VibeClear shall not be liable for any security incident, data breach, regulatory fine, reputational harm, or other loss that occurs before, during, or after delivery of our security assessment services — including losses from vulnerabilities our assessment did not identify, losses from incorrect implementation of our recommendations, or losses from reliance on our assessment as a complete security evaluation.
Our total liability is limited to the amount you paid for the specific assessment. See our Terms of Service for complete liability terms.
If you have questions about the scope or limitations of your assessment, or would like guidance on additional steps appropriate for your risk profile, contact us at hello@vibeclear.ai.