← Back to Home

Privacy Policy

Last updated: February 10, 2026

1. Introduction

vibeGuard ("we", "us", "our") is a browser extension and web service that helps developers detect security vulnerabilities in web applications. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data We Collect

2.1 Account Data

When you create an account, we collect your email address, name, and a hashed version of your password. If you subscribe to a paid plan, payment processing is handled by Stripe — we store only your Stripe customer ID, not your payment card details.

2.2 URLs and Page Data

To perform security checks, the extension analyzes the web pages you visit. When findings are detected, the following data may be transmitted to our servers at api.vibeguard.live:

  • The URL of the page being scanned and URLs of third-party requests detected on that page
  • Security findings (type, severity, description, and affected resources)
  • Metadata such as request methods, header information, and detected library versions

2.3 Extension Settings

Your scanner preferences (e.g., which checks are enabled) and notification settings are stored locally in your browser via Chrome Storage Sync.

2.4 Pro Features

If you use vibeGuard Pro, we additionally collect domain names you choose to monitor, generated security reports, and scan results including finding summaries and statistics.

2.5 Anonymous Usage Analytics

We collect anonymous usage data such as your extension version and feature usage events. This data does not include URLs you visit or any page content. You can opt out of analytics at any time via the extension settings.

3. How We Use Your Data

  • Security scanning: URLs and page data are processed to identify vulnerabilities and generate security reports for you.
  • Account management: Email and authentication data are used to manage your account and subscriptions.
  • Service improvement: Anonymous analytics help us understand feature usage and improve the product.
  • Alerts and notifications: If configured, we use your alert settings to send security notifications via email or webhooks.

4. Client-Side Processing

The majority of security analysis happens locally in your browser. The extension scans page content, detects trackers, checks for exposed secrets, and evaluates security headers — all on your device. Only detected findings and their associated metadata are sent to our servers for storage and reporting purposes.

5. Data Sharing

We do not sell your data to third parties. Data is shared only with:

  • Stripe: For payment processing (Pro subscribers only).

We do not use any third-party analytics, advertising, or tracking services on the extension or our website.

6. Data Retention

  • Account data: Retained until you delete your account.
  • Security reports: Shareable report links expire after 30 days.
  • Finding cache: Locally cached findings expire after 7 days.
  • Browser storage: Persists until you uninstall the extension or clear your browser data.

7. Your Rights and Controls

You have the following controls over your data:

  • Scanner settings: Enable or disable individual security scanners to control what is analyzed.
  • Analytics opt-out: Disable anonymous usage tracking in the extension settings.
  • Data export: Export your security data from the dashboard.
  • Data deletion: Clear stored data via the extension or request account deletion by contacting us.

8. Data Security

We use industry-standard security measures to protect your data. Passwords are hashed using bcrypt. Communication between the extension and our servers is encrypted via HTTPS. Our API employs rate limiting, CORS restrictions, and security headers via Helmet.

9. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at privacy@vibeguard.live.