Plain English Summary: We collect your name, email, app URL, and details about your app so we can run your security audit and deliver your report. We do not sell your data. We do not store your app's source code. Payments are processed entirely by Stripe. You can request deletion of your data at any time by emailing privacy@vibeclear.ai.
VibeClear operates the website at vibeclear.ai and provides security audit services for AI-built web applications. We are the data controller responsible for personal information collected through our website and services.
For GDPR purposes, VibeClear is the data controller. For CCPA purposes, VibeClear is the business. Contact our privacy team at privacy@vibeclear.ai.
When you submit an audit request, we collect: your name, email address, phone number (optional), company name (optional), app URL, app description, AI tools used, backend and hosting platforms, types of data your app handles, and urgency / referral source.
When you visit our site: IP address, browser type and version, device type and OS, pages visited, time on site, and referring URL.
We collect HTTP response headers, publicly accessible JavaScript, SSL/TLS certificate information, and observable security header configuration. We only scan publicly accessible information — we do not access your source code, private databases, or any non-public data.
⚠️ Scan data is retained for 30 days after report delivery, then permanently deleted.
Payment processing is handled entirely by Stripe, Inc. VibeClear never sees, stores, or processes your credit card details. Review Stripe's privacy policy at stripe.com/privacy.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Performing your security audit and delivering your report | App URL, description, email | Contract performance |
| Processing your payment | Email (passed to Stripe) | Contract performance |
| Sending your report and follow-up communications | Name, email, phone | Contract performance |
| Responding to support requests | Name, email, conversation content | Legitimate interest |
| Improving our scanning methodology | Anonymized scan result patterns | Legitimate interest |
| Fraud prevention and security | IP address, URL submitted | Legitimate interest |
| Complying with legal obligations | As required by law | Legal obligation |
For EEA, UK, and Swiss residents, our legal bases are:
We do not sell your personal information. Ever.
We may disclose information where required by law, court order, or valid legal request from public authorities.
If VibeClear is involved in a merger or acquisition, your data may transfer as part of that transaction with advance notice.
| Data Type | Retention Period | Reason |
|---|---|---|
| Intake form data (name, email, app details) | 2 years from submission | Service records and follow-up support |
| Security scan raw results | 30 days from report delivery | Quality assurance and disputes |
| Delivered security reports | 1 year from delivery | Re-scan and Deep Audit services |
| Payment records | 7 years | Tax and legal compliance |
| Website analytics data | 26 months | Service improvement |
| Support correspondence | 3 years from last contact | Support history and disputes |
Upon a deletion request, we remove your personal data within 30 days — except where legally required to retain it (e.g., payment records under tax law).
To exercise any right: email privacy@vibeclear.ai with the subject "Data Rights Request." We respond within 30 days and may ask you to verify your identity.
VibeClear does not sell, rent, or share your personal information for monetary consideration or cross-context behavioral advertising as defined under CPRA.
To exercise California rights, email privacy@vibeclear.ai with "California Privacy Request" in the subject. We respond within 45 days as required by law.
We use minimal cookies necessary for the site to function. We do not use advertising cookies or sell data to ad networks.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session cookies | Maintain your session while navigating | Session end | Strictly necessary |
| Stripe cookies | Fraud prevention during payment | Varies | Strictly necessary |
| Analytics cookies | Aggregate, anonymized website usage | 26 months | Analytics |
You can control cookies through your browser settings. Disabling cookies may affect some site functionality.
We implement industry-standard security measures including TLS/HTTPS encryption for all data in transit, access controls limiting which team members can view submission data, time-limited retention of scan results, and PCI DSS-compliant payment infrastructure via Stripe.
No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact us immediately at privacy@vibeclear.ai.
VibeClear operates in the United States. If you are in the EEA, UK, or Switzerland, your data will be transferred to and processed in the United States. We ensure appropriate safeguards via Standard Contractual Clauses (SCCs) for EEA transfers and UK International Data Transfer Agreements (IDTAs) for UK transfers.
Our services are not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have information from a child under 18, contact us at privacy@vibeclear.ai and we will remove it promptly.
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated by updating the "Last updated" date, emailing affected users, and where legally required, obtaining your consent before applying changes.
For any questions, concerns, or data rights requests regarding this Privacy Policy:
EEA residents may also contact their national Data Protection Authority. UK residents may contact the ICO at ico.org.uk.