VibeLeak>_Scan

    // LEGAL_PRIVACY

    NOTICE_ACTIVE

    Privacy policy

    Data stays useful.Not mysterious.

    This notice explains what VibeLeak collects, why we collect it, who helps process it, and how scan visibility works across saved results and the public Trust Index.

    >_ Scan your siteView terms

    Last updated

    May 2

    2026 policy build

    Data sale

    No

    No cross-context ad sharing

    Public scan

    Opt-in

    Index controls stay owner-gated

    Commitment

    We do not sell personal information.

    Commitment

    We do not store full payment card numbers.

    Commitment

    We do not log into your app or execute site JavaScript during public scans.

    01 / Information we collect

    01

    Account and auth

    Email address, authentication provider identifiers, session state, password status, and account preferences needed to sign in and protect your account.

    02

    Scan inputs and results

    Submitted domains or URLs, timestamps, redirects, TLS/header observations, grades, findings, score-watch settings, exports, saved result IDs, and public share metadata.

    03

    Trust Index controls

    Opt-in category choices, privacy requests, DNS TXT or HTTPS file verification status, proof token metadata, and the domain visibility state needed to honor owner controls.

    04

    Operations and safety

    IP-derived request data, device or rate-limit identifiers, error logs, anti-abuse signals, support messages, waitlist entries, roadmap votes, and product usage events.

    05

    Billing providers

    If you buy a paid plan, the hosted payment provider handles payment details. VibeLeak stores checkout/customer references, plan state, invoices or payment status, and support metadata, not full card numbers.

    02 / How we use data

    • Run public-surface scans, save results, generate share links, export reports, and show the scanner state you requested.
    • Detect abuse, enforce limits, block private-network scanning, secure accounts, debug incidents, and maintain service reliability.
    • Operate the Trust Index, including opt-in Hall of Fame listings, Most Improved entries, Recent feed thresholds, and verified domain privacy controls.
    • Send transactional emails such as magic links, scan/watch notifications, billing messages, account updates, and security notices.
    • Improve scoring, remediation quality, documentation, support, analytics, roadmap prioritization, and product performance.

    03 / Sharing and processors

    • Hosting, compute, storage, auth, database, email, analytics, anti-abuse, monitoring, and payment providers that process data for VibeLeak.
    • Legal, safety, fraud-prevention, compliance, or security disclosures when required or reasonably necessary.
    • Business transfers such as merger, acquisition, financing, or asset sale, with protections appropriate to the transaction.

    04 / Public visibility

    A saved scan can have a share URL that anyone with the link may open. Public Trust Index entries are separate: qualifying A/S results can opt into the Hall of Fame, improvement data may appear in aggregate/list views, and verified owners can request domain privacy controls.

    Privacy requests are hidden from Trust Index list views while ownership proof is pending for the active verification window. Verified requests stay hidden according to the product control.

    05 / Retention and security

    We keep service data only as long as needed for product operation, security, billing, support, analytics, legal obligations, and legitimate audit history. Security logs, rate-limit signals, and abuse-prevention records may be retained longer when needed to protect the service.

    No internet service can guarantee perfect security, but VibeLeak uses reasonable technical and operational safeguards and limits collection to what the scanner and account flows need.

    06 / Your rights and choices

    • You can request access, correction, export, or deletion of account/contact data where applicable.
    • California residents may have rights to know, delete, correct, opt out of sale/share, limit sensitive personal information, and non-discrimination. VibeLeak does not sell personal information or share it for cross-context behavioral advertising.
    • EU/EEA/UK users may have rights to access, rectify, erase, restrict, object, portability, and lodge a complaint with a supervisory authority. Processing may rely on contract, legitimate interests, consent, or legal obligations depending on the feature.
    • Marketing emails, if any, include an unsubscribe path. Transactional and security messages may still be sent when needed to operate the service.

    07 / Contact and changes

    For privacy requests, contact VibeLeak at hello@vibeleak.app. We may update this policy as the product, providers, or legal requirements change; the updated date will show when the notice changes materially.

    vibeleak@public-console:~$ privacy --scope public-scan --owner-controls enabled