Skip to main content
SecureMyVibe

Privacy Policy

Last updated: April 24, 2026

This policy explains how SecureMyVibe collects, uses, and protects your data. We built this for developers who care about security — and we treat your data with the same care.

Data We Collect

When you use SecureMyVibe, we collect: your email address (provided via the email gate or account signup), the URLs you submit for scanning, scan results and security scores, your IP address (for rate limiting — stored as a hash, not in plain text), and basic usage analytics.

How We Use Your Data

We use your data to: perform security scans on the URLs you submit, deliver scan reports and security alerts to your email, improve our scanning algorithms and detection accuracy, and send occasional product updates (you can unsubscribe anytime).

Data Retention

Free scan results are retained for 7 days, then automatically deleted. Email addresses captured via the email gate are retained for 90 days if you do not subscribe, then deleted. Paid plan scan results are retained while your subscription is active and for 30 days after cancellation. Your account data is retained until you request deletion.

Your Rights (LGPD / GDPR)

You have the right to: access all data we hold about you, correct inaccurate data, request complete deletion of your data, export your data in a portable format, and withdraw consent at any time. If you have an account, you can delete all your data directly from your account settings. For guest users or additional requests, email us at privacy@securemyvibe.ai.

Cookies

We use essential cookies for authentication and locale preference, which are always active. We also use optional analytics cookies (Vercel Analytics) to understand usage patterns and improve our service. Analytics cookies are only loaded after you give explicit consent via the banner shown on your first visit. We use error monitoring (Sentry) for service reliability, which does not collect personal data.

Data Security

All data is transmitted over HTTPS. Scan data is stored with row-level security enabled. We never store raw HTTP response contents from scanned targets. We use trusted third-party service providers (see Section 9) to operate our service; these processors handle data strictly on our behalf under written agreements. We do not sell your personal data.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of SecureMyVibe after changes constitutes acceptance of the updated policy.

Contact

For questions about this policy or your data, contact us at privacy@securemyvibe.ai.

Third-Party Service Providers & International Transfers

To operate SecureMyVibe, we share data with the following trusted service providers, all located in the United States: Vercel (hosting and API infrastructure), Supabase (database and authentication), Stripe (payment processing), Resend (transactional email), Sentry (error monitoring), Upstash (rate limiting), and Inngest (background job processing). As these providers are US-based, your data is transferred internationally. Each provider operates under Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms compliant with GDPR and LGPD requirements. We have Data Processing Agreements (DPAs) in place with applicable providers.

Data Protection Officer (DPO)

Our Data Protection Officer (Encarregado de Dados under LGPD Art. 41) is Ernesto de Oliveira, Founder. You can contact the DPO at privacy@securemyvibe.ai for any questions about how we process your personal data, to exercise your data rights, or to report a data protection concern.