How it worksPricingDocsBlog

Product

API ReferenceChangelog

Company

AboutSecurity

Legal

PrivacyTerms
Appearance

// security

Security at VybeSec

We built a tool that watches your app for security problems — which means we hold ourselves to the same standard. Here's exactly what we do to protect your data.

System status

All systems operationalLast 30 days
Dashboard99.98% uptimeOperational
Error capture (ingest)100% uptimeOperational
AI analysis pipeline99.96% uptimeOperational
Alert delivery99.94% uptimeOperational
Digest emails100% uptimeOperational

How we protect your data

Plain English, no marketing speak.

🔐

All data is encrypted in transit and at rest

Every connection to VybeSec uses TLS encryption. Your stored data is encrypted with AES-256. Even if someone broke into our database, your data would be unreadable.

🔑

We never store your API keys in plaintext

API keys are stored as one-way hashes — the original key is shown exactly once when you create it and never again. Even our own team can't retrieve it.

🌍

We never store your users' IP addresses

We record the country and region of an error (to help you understand where it happened) but immediately discard the raw IP. We can't identify individual users even if we wanted to.

🧹

Sensitive data is scrubbed before it leaves the browser

The SDK automatically scans every error for API keys, passwords, JWT tokens, and payment info before sending anything. Matches are replaced with [REDACTED] on-device.

🏗️

Error capture and your dashboard are fully isolated

The system that captures errors from your app is completely separate from the dashboard and API. A problem in one can't affect the other.

🔒

Your login sessions are as secure as we can make them

Sessions use secure, HTTP-only cookies with CSRF protection built in. We don't store sessions in localStorage or anywhere a malicious script could steal them.

📋

Every action in your account is logged

Configuration changes, team member actions, API key usage — all recorded in an immutable audit log kept for one year.

⏱️

Your data is automatically deleted when you're done with it

Data is removed after your plan's retention period (7 days on Free, up to 1 year on Business). We don't keep anything longer than necessary.

Compliance

GDPR

Your users' data rights are fully supported. DPA available on request.

CCPA

California residents can request data deletion via privacy@vybesec.com.

SOC 2

SOC 2 Type II audit in progress. Report available to Business customers under NDA.

Found a security issue?

If you discover a security vulnerability in VybeSec, please tell us before anyone else. We'll acknowledge your report within 48 hours, fix it promptly, and credit you publicly (with your permission) once it's resolved.

security@vybesec.com

PGP key available on request

Please don't report security issues in GitHub issues or public channels. We offer a thank-you bounty for critical vulnerabilities at our discretion.