Privacy Policy

Last updated: March 18, 2026

1. What We Collect

When you use VibeKit, we collect:

  • Account information: email address, name, OAuth provider IDs (Google, GitHub, Apple)
  • App data: code, files, environment variables (encrypted at rest), deployment history
  • Agent messages: conversation history with AI agents, stored for chat continuity
  • Usage data: API request counts, token usage, session timestamps
  • Payment data: Stripe customer ID and subscription status (we never store raw card numbers)
  • Device data: push notification tokens for iOS/Android (optional)

2. How We Use Your Data

We use your data to:

  • Provide and operate the Service
  • Authenticate your account and maintain sessions
  • Process payments and manage subscriptions
  • Send transactional emails (welcome, deploy alerts, billing)
  • Improve the platform using anonymized usage metrics
  • Respond to support requests

We do not sell your data to third parties. We do not use your data to train AI models.

3. Third-Party Services

VibeKit integrates with the following third parties:

  • Anthropic / OpenAI — AI providers. Your messages are sent to their APIs under their privacy policies. We do not store your API keys in plaintext.
  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • Supabase — database infrastructure. Data is stored in us-east-1 (AWS).
  • Google / GitHub / Apple — optional OAuth login. We only receive your name and email from these providers.

4. Data Security

Environment variables and API keys are encrypted at rest using AES-256-GCM. All data in transit is protected by TLS. Access to production infrastructure is restricted to authorized personnel.

While we take reasonable security measures, no system is completely secure. We cannot guarantee the absolute security of your data.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is removed within 30 days. Agent conversation history and app files are deleted immediately on account deletion.

6. Your Rights

You have the right to:

  • Access the data we hold about you
  • Export your app files and data at any time
  • Delete your account and all associated data via the dashboard
  • Opt out of marketing emails (transactional emails cannot be disabled)
  • Request correction of inaccurate data

7. iOS App

The VibeKit iOS app may request access to your photo library (for file attachments) and send push notifications (for deploy alerts). These permissions are optional and can be revoked at any time in iOS Settings.

We do not track you across other apps or websites. We do not use advertising identifiers.

8. Children

VibeKit is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the dashboard or email. Continued use of the Service after changes constitutes acceptance.

10. Contact

Privacy questions or data requests: [email protected]