Privacy.

1. What we collect

The desktop app stores configuration, prompt cache, and event logs locally on your computer. Workspace settings you configure in this web app — billing email, team members, allowlisted hooks — sync to our servers because they are workspace-scoped.

• Account — name, email, OAuth provider id (Google / Microsoft / GitHub).
• Workspace settings — names, members, hook policies, billing.
• Anonymous diagnostics — crash reports without code or prompts attached. Opt-in.

2. What we never collect

• The contents of your repositories.
• The prompts you send to Claude, Cursor, Codex, or any other model.
• The responses those models produce.
• Your API keys for any LLM provider.

Those live exclusively in your local VibeIQ database, encrypted at rest with a key derived from your OS keychain.

3. Training

We do not train models on your data. We do not sell your data. We do not share your data with model providers for the purpose of training.

4. Sub-processors

• OAuth providers (Google, Microsoft, GitHub) — to sign you in.
• Stripe — to handle workspace billing.
• A US-based managed Postgres provider — to store workspace settings.

5. Your controls

You can delete your workspace at any time from /settings. Deletion is immediate for our database and propagates to backups within 30 days. Local data is removed when you uninstall the app.

6. Contact

Privacy questions: privacy@vibeiq.dev.