How it worksPricingDocsBlog

Product

API ReferenceChangelog

Company

AboutSecurity

Legal

PrivacyTerms
Appearance

// legal

Privacy Policy

Last updated: March 1, 2025

Plain-English summary

  • We collect error data from your app so we can explain it to you.
  • We never store your users' IP addresses.
  • The SDK scrubs API keys, passwords, and payment info before anything leaves the browser.
  • We don't sell your data. Ever.
  • You can delete your data any time by emailing us.

VybeSec, Inc. (“VybeSec”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. What we collect

Your account information

When you create an account, we collect your name, email address, and optionally your company name. We use this to manage your account, send alerts, and communicate updates.

Error data from your app

Our SDK captures errors from your application. Each error may include the error message and stack trace (sanitized), the URL path where the error happened, an anonymous session identifier, browser name and version, device type, and the country and region derived from network headers. We never store raw IP addresses.

What we do NOT collect

  • Raw IP addresses — we use country/region headers, then discard the IP immediately
  • Full user-agent strings — we only store browser name/version and device type
  • Content from form fields, password inputs, or payment forms
  • Content of user-generated text in your app

Automatic data scrubbing

The VybeSec SDK automatically scans error messages and stack traces for sensitive data patterns before they leave the browser. This includes OpenAI API keys, Stripe keys, JWT tokens, and password-like strings. Matched values are replaced with [REDACTED] on-device, before transmission.

2. How we use your information

  • To provide and improve the VybeSec service
  • To generate AI-powered error analysis and fix prompts
  • To send you alerts, digests, and service notifications
  • To analyze aggregate usage patterns and improve error fingerprinting accuracy
  • To detect and prevent fraud or abuse

3. Data retention

Error data is retained according to your plan — 7 days on Free, 30 days on Starter, 90 days on Pro, and 1 year on Business. After the retention period, raw events are permanently and automatically deleted. Aggregated statistics may be retained longer for billing and trend analysis.

4. Who we share data with

We do not sell, trade, or rent your data. We share data only with the services needed to run VybeSec:

  • Anthropic: Error text is sent to Claude for analysis. This is processed under Anthropic's API terms and is not used to train their models.
  • Cloudflare: Our infrastructure provider. All data passes through Cloudflare's network.
  • Resend: Used to deliver alert and digest emails.
  • Stripe: Payment processing. We never see your full card number.

5. Your rights (GDPR & CCPA)

Depending on where you are, you may have the right to access, correct, delete, or export your data. Email privacy@vybesec.com and we'll respond within 30 days.

6. Security

We use industry-standard security practices: TLS encryption in transit, AES-256 encryption at rest, and strict access controls. API keys are stored as SHA-256 hashes — we never store plaintext keys. Full details on our security page.

7. Contact

Questions? Email privacy@vybesec.com or write to VybeSec, Inc., 548 Market St PMB 72879, San Francisco, CA 94104.