Vibe Coach

Privacy Policy

Last updated: March 10, 2026

Effective: March 10, 2026

TL;DR

  • We collect your email and anonymous usage data to improve the product.
  • We never read, store, or transmit the contents of your source code files.
  • You can opt out of analytics anytime in VS Code settings. Website analytics can be blocked via browser privacy settings or Do Not Track.
  • You can request deletion of your data by emailing help@letsvibecheck.ai.

1. Who we are

Well Spent Style, LLC dba Vibecheck AI · 1717 N Street NW, STE 1 · Washington, DC 20036

Contact: help@letsvibecheck.ai

2. What we collect and why

Category | Examples | Why we collect it
Account information | Email address, hashed password | Create and secure your account, communicate with you about the Service
Profile and preferences | Onboarding answers (like your operating system, tools you use, experience level), email preferences | Personalize your experience, understand our user base
Usage data | Which features you use, lesson progress, setup steps completed | Improve the product, track your learning journey
Technical data | Operating system, browser type, VS Code version, tech stack detected from config files | Understand what our users build with, prioritize integrations, fix compatibility issues
Aggregated code quality metrics | Counts of patterns detected locally in the extension (e.g., “3 missing error handlers”) — aggregated on your machine before transmission. Never filenames, code content, or function names | Prioritize educational content, understand skill gaps at a cohort level
Error and diagnostic data | Error messages, stack traces, browser/OS info | Fix bugs, improve stability
Email delivery data | Delivery status, bounces | Ensure emails reach you, comply with email regulations
Consent records | What you agreed to, when, which version of our terms | Legal compliance and audit trail

For a detailed breakdown of specific data points, storage locations, and retention periods, see the Data Practices Details section below.

3. What we do NOT collect

  • The contents of your source code files (we detect file existence and count patterns from config files, but never read, store, or transmit source code)
  • Your terminal commands or output
  • Your Git history or commit messages
  • Screenshots or screen recordings
  • Keystrokes or clipboard data
  • Your precise location (no GPS). Note: your IP address may be received by our analytics provider (PostHog) as part of standard web requests, but we do not use it to determine your location
  • Payment information (if we add paid features, payment data will be handled by a third-party payment processor — we will never store your full card number)

4. Third-party services

We use third-party service providers to operate Vibecheck. These include:

Category | Purpose | Current providers
Database and authentication | Store your account, content, and preferences | Supabase
Analytics | Understand how the product is used | PostHog
Error monitoring | Detect and fix bugs | Sentry
Email delivery | Send you product emails | Resend
Lead management | Manage waitlist and outreach | Airtable
Authentication providers | Let you sign in via third-party accounts | GitHub, Google

We may add or change service providers. Adding a new provider within an existing category (e.g., switching analytics tools) is a non-material change — we’ll update the Data Practices Details section but won’t require re-acceptance. Adding a new category of service (e.g., payment processing) is a material change and will follow the 30-day notice process.

Each provider’s privacy policy is linked in the Data Practices Details appendix.

5. Cookies and local storage

  • sb-* cookies: Supabase authentication session (essential, no opt-out)
  • ph_* cookies: PostHog analytics (opt out via VS Code vibeCoach.analyticsEnabled setting)
  • sessionStorage: Temporary OAuth state, cleared after login completes
  • localStorage: PostHog anonymous ID, onboarding progress
  • ~/.vibecoach/learning-store.json: Lesson progress stored locally on your machine

6. How to opt out

  • Extension analytics: Set vibeCoach.analyticsEnabled to false in VS Code settings. Takes effect immediately — no restart needed.
  • Website analytics: Use your browser’s Do Not Track setting or a privacy extension (e.g., uBlock Origin) to block PostHog. A dedicated website opt-out toggle is planned for a future release.
  • Marketing emails: Click “Unsubscribe” in any email footer, or email help@letsvibecheck.ai.
  • Account deletion: Email help@letsvibecheck.ai. We’ll delete your account and associated data within 30 days. Local data in ~/.vibecoach/ must be deleted by you.

7. Your rights

  • Access: Request a copy of your data.
  • Deletion: Request we delete your data. We respond within 30 days.
  • Correction: Request we fix inaccurate data.
  • Portability: Request your data in a machine-readable format.
  • Opt out: Of analytics and marketing emails at any time.
  • Object: To processing based on legitimate interest.
  • Non-discrimination: We won’t penalize you for exercising your rights.

To exercise any right, email help@letsvibecheck.ai.

9. California residents (CCPA)

  • We do not sell your personal information.
  • We do not use personal information for cross-context behavioral advertising.
  • You have the right to know, delete, and opt out. Contact help@letsvibecheck.ai.

10. International data transfers

All data is stored in the US (Supabase, PostHog, Sentry).

For EU users: transfers rely on Standard Contractual Clauses via our sub-processors.

11. Children’s privacy

Vibecheck is not intended for anyone under 16. We do not knowingly collect data from anyone under 16.

If we discover we have, we’ll delete it promptly. Contact help@letsvibecheck.ai.

13. Data security

  • All data encrypted in transit (TLS) and at rest.
  • OAuth tokens encrypted with AES-256-GCM; encryption keys never touch our server.
  • Auth handoff tokens auto-deleted after 5 minutes.
  • Row-level security on all database tables.
  • If we discover a data breach, we’ll notify relevant regulatory authorities within 72 hours (as required by GDPR) and affected users without undue delay.

14. Data retention

  • Account data: Kept while account is active + 30 days after deletion request.
  • Activity events (Supabase): 90-day auto-cleanup.
  • Error logs (Sentry): 90 days.
  • Analytics events (PostHog): Up to 24 months.
  • Consent records: As long as required for legal compliance.
  • Auth handoffs: 5 minutes (auto-deleted).

Specific retention periods for each data point are listed in the Data Practices Details appendix.

15. Changes to this policy

Change type | How we handle it
Material changes | Collecting new categories of data, sharing data with new categories of third parties, reducing your rights. We’ll notify you via email at least 30 days before they take effect. If you don’t agree, you may close your account.
Non-material changes | Adding a data point within an existing category, swapping a service provider within an existing category, clarifications, formatting. Updated on this page with a new “Last updated” date. Continued use means acceptance.

We maintain a version history of this policy (tracked in our source code repository).

16. Supplemental notices

We may provide additional privacy notices for specific products or features (e.g., a mobile app, a browser extension marketplace listing, or a team administration panel). These supplemental notices are in addition to — not replacements for — this policy. If a supplemental notice conflicts with this policy, the supplemental notice applies for that specific product or feature.

17. Contact

help@letsvibecheck.ai

Well Spent Style, LLC dba Vibecheck AI · 1717 N Street NW, STE 1 · Washington, DC 20036

18. Data Practices Details

Appendix — This section is updated more frequently than the main policy body. Updates here are non-material changes unless they introduce a new data category.

Data points

Data point | Stored in | Retention | Opt out
Email address | Supabase | Account active + 30 days | Delete account
Hashed password | Supabase | Account active + 30 days | Delete account
Onboarding answers | Supabase | Account active + 30 days | Delete account
Email preferences | Supabase | Account active + 30 days | Unsubscribe link
Feature usage events | PostHog | Up to 24 months | analyticsEnabled: false
Lesson progress | Supabase + local file | Account active + 30 days | Delete account + local file
Activity events | Supabase | 90-day auto-cleanup | Delete account
Error reports | Sentry | 90 days | N/A (essential)
Consent records | Supabase | Legal compliance period | N/A (required)
Auth handoff tokens | Supabase | 5 minutes (auto-deleted) | N/A (essential)
Email delivery logs | Resend | Per Resend retention | Unsubscribe

Third-party providers

Provider | Purpose | Privacy policy
Supabase | Database, auth, storage | supabase.com/privacy
PostHog | Product analytics | posthog.com/privacy
Sentry | Error monitoring | sentry.io/privacy
Resend | Email delivery | resend.com/legal/privacy-policy
Airtable | Lead management | airtable.com/company/privacy
GitHub | OAuth sign-in | github.com/privacy
Google | OAuth sign-in | policies.google.com/privacy

Additional policies

Payment data

If you purchase paid features, payment is processed by a third-party payment processor. We receive a transaction confirmation and the last four digits of your payment method — never your full card number. The payment processor’s privacy policy applies to the data they collect.

User-generated content

If you submit content through community features, we process it to display, moderate, and improve the Service. You may request deletion of your submissions at any time.

Team and organization data

If you use Vibecheck as part of a team, your team administrator may access aggregated usage data and manage team settings. Individual activity (such as lesson progress) is not visible to administrators.

Your individual privacy rights (access, deletion, opt-out) still apply regardless of team membership.
