Loading VibeLint...
Loading VibeLint...
Last updated: June 29, 2026
Short version: We collect only what we need to run the service — your email, subscription status, information you choose to submit through forms, and anonymous usage signals from the CLI. We never sell your data. We never scan or store your source code.
VibeLint ("we", "us", "our") is a security scanning tool for AI-assisted codebases, operated by Rachid Elharrak ("Operator"). Our service is accessible at vibelint.dev.
For questions about this policy, contact us at hi@vibelint.dev.
When you create an account, we collect:
When you subscribe to a paid VibeLint plan, our payment processor Dodo Payments collects your payment details. We never see or store your full card number. We store only:
For VibeLint accounts, we store:
When the Code Security MCP starts successfully with a valid license, it sends a small account-linked connection record containing:
This connection record contains no source code, file names, file paths, machine identifiers, or scan findings. It powers installation and connection status in the user and admin dashboards.
If dashboard sync is enabled, VibeLint may send scan summaries (issue counts and severity levels) to your dashboard. We never receive the actual code that triggered an issue — only the detector name, severity, and file path.
Dashboard sync is opt-in and can be disabled by setting VIBELINT_NO_SYNC=1.
We use Vercel Analytics to collect anonymous, aggregate data about visits to vibelint.dev, including page views and referrer information. No cookies are used for analytics. No personal identifiers are collected.
If you apply to the VibeLint Partner Program, we store the information needed to review and manage your application:
We use this information only to review your application, contact you about the partner program, and administer the relationship if approved.
For approved affiliates, we also process versioned agreement acceptance, aggregate link visits, optional consented first-party attribution, conversion and immutable commission-ledger records, masked and encrypted payout-email data, payout history, fraud-review evidence, and external tax-portal status. Affiliates never receive buyer names, emails, account IDs, or payment details. We do not store raw referral IP addresses, full user agents, full referrer URLs, card data, tax identification numbers, identity documents, or tax-form files.
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address | Account creation, transactional emails (receipts, license keys) | Contract performance |
| Subscription status | Controlling access to Pro features | Contract performance |
| License key hash | Validating the CLI at startup | Contract performance |
| License validation time | Recording license activity | Legitimate interest |
| Code MCP connection data | Showing installation and connection status | Legitimate interest |
| Scan summaries (opt-in) | Displaying results in your dashboard | Consent |
| Website analytics | Understanding traffic to improve the landing page | Legitimate interest |
| Affiliate application data | Reviewing and administering partner applications | Steps taken at your request |
| Affiliate attribution and financial records | Crediting referrals, handling refunds and disputes, and paying affiliates | Contract performance and legal obligation |
We share data with the following third-party services to operate VibeLint. Each has been assessed for GDPR compliance.
| Service | Purpose | Data shared |
|---|---|---|
| Clerk (clerk.com) | Authentication (sign up, sign in, sessions) | Email, name, OAuth tokens |
| Supabase (supabase.com) | Database — stores account, license, and affiliate application data | Email, subscription status, key hashes, partner application details |
| Dodo Payments (dodopayments.com) | Payment processing and subscriptions | Email, billing details |
| PayPal and Wise | Manual affiliate payout transfer | Affiliate payout email, transfer amount, and reference |
| Resend (resend.com) | Transactional affiliate and account email | Recipient email and message content |
| External accountant-approved tax portal | Tax-document collection and verification | Information submitted directly by the affiliate; VibeLint stores only status and an opaque reference |
| Vercel (vercel.com) | Hosting the web application and API | Request logs (IP, user agent) |
We do not sell your data to any third party. We do not use your data for advertising.
Under GDPR and similar privacy laws, you have the right to:
Account deletion disables an affiliate link and removes eligible application and social-review data. Records required for refunds, disputes, settlement, tax, fraud prevention, or legal compliance are pseudonymized and retained; they are not silently deleted while money remains unsettled.
To exercise any of these rights, email hi@vibelint.dev. We will respond within 30 days.
Clerk uses necessary cookies to keep you signed in. Vercel Analytics remains aggregate and cookie-free. When you arrive through an affiliate link, VibeLint counts a bot-filtered aggregate visit. With your explicit choice, VibeLint may set a first-party, HttpOnly referral cookie for up to 30 days so an eligible new account and first payment can be attributed. Declining creates no attribution. A separate signed necessary cookie remembers the consent choice.
You can withdraw referral consent or delete browser cookies at any time. Withdrawal deletes an unclaimed browser referral and blocks future attribution, but it cannot rewrite a completed financial transaction. Deleting the Clerk session cookie signs you out.
We take reasonable technical and organizational measures to protect your data, including:
To report a security vulnerability in VibeLint itself, see our Security Policy.
VibeLint is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hi@vibelint.dev.
We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For material changes, we will notify you by email. Continued use of VibeLint after changes constitutes acceptance of the updated policy.
For privacy-related questions, data requests, or to request a Data Processing Agreement (DPA) for your organization: