Privacy Policy

When you use the local package only, project memory files stay on your machine unless you explicitly push or submit hosted review output.

When you connect GitHub or use the hosted dashboard, VibeCompass reads the repository metadata and source files needed to build project memory, run scans, generate proposals, and keep the dashboard current.

When you connect MCP, the MCP server reads project memory so your coding tool can retrieve context during a session.

AI-assisted scans and docs-review requests may send relevant repository snippets, diffs, file paths, existing architecture docs, decisions, and session context to Anthropic so a model can generate project-memory output.

VibeCompass sends the minimum practical context for the requested workflow. It does not intentionally send secrets, and you should not commit secrets to repositories or project-memory files.

Anthropic states that standard API inputs and outputs are deleted within 30 days unless a different agreement applies, such as zero data retention, or retention is required for safety, policy enforcement, or law. VibeCompass may enable stricter retention settings where available for its account.

Account data such as your email, GitHub identity, project records, sync credentials, API key hashes, and billing state when billing is enabled.

Project memory such as domains, features, components, decisions, conflicts, session summaries, sync runs, proposals, docs-review artifacts, and revision metadata.

Waitlist signups, including email address, source, referrer, user-agent, and timestamps, so we can send product updates and beta invitations.

Local project-memory files remain under your control and can be deleted from your own repository or filesystem.

Hosted project data is retained while your account or project remains active. Account deletion removes hosted account data and associated project records from the live application, subject to backups, security logs, and legal obligations.

You can request deletion or export help by emailing privacy@vibecompass.dev from the address associated with your account or waitlist signup.

API keys are stored as hashes. VibeCompass cannot show an API key again after creation.

Hosted proposal review does not silently overwrite local-primary project-memory files. You export and apply accepted output locally, then push to confirm canonical state.

VibeCompass uses infrastructure providers such as Vercel and Supabase to host the application and database.