Code Handling Policy

Last updated: March 7, 2026

This document explains exactly how we handle your code during a VibeSniffer scan. We know your code is precious — here's our promise about how we treat it.

The Promise

Your code never leaves our secure scanning environment and is deleted immediately after analysis. We don't store it, we don't copy it, we don't train AI models with it. We just analyze it temporarily and throw it away.

How Code Flows Through Our System

Step 1: Authorization

  • You authorize VibeSniffer via GitHub OAuth
  • We request minimal permissions: read access to repositories
  • You choose which specific repo to scan
  • GitHub generates a temporary access token for us

Step 2: Code Retrieval

  • Our scanner connects to GitHub's API using your token
  • We download the repository contents to our secure scanning environment
  • Code is stored temporarily in memory and encrypted temporary storage
  • Duration: Usually 30 seconds to 2 minutes depending on repo size

Step 3: Analysis

We run 35 pattern-based rules against your codebase. These rules look for common code quality patterns:

  • Unused variables
  • Long functions
  • Missing error handling
  • Inconsistent formatting
  • Potential security patterns
  • Documentation coverage
  • Test coverage indicators
  • And 28 other quality indicators

Step 4: Report Generation

We compile findings into a plain-English report. The report contains:

  • Pattern descriptions ("Found 3 functions over 50 lines")
  • Improvement suggestions
  • Overall code health metrics
  • What it DOESN'T contain: Your actual code snippets

Step 5: Immediate Deletion

  • Your code is permanently deleted from our systems
  • Only the analysis report is saved to your account
  • Timeline: Code deletion happens within 5 minutes of scan completion
  • Verification: Our system logs code deletion with timestamps

Step 6: Report Delivery

  • You get access to your scan report
  • Results are stored in our encrypted database
  • You can view results anytime in your VibeSniffer account

What We Store vs. What We Delete

✅ We Store (Permanently)

  • Scan results: The report with findings and vibe score
  • Metadata: Repo name, scan date, file count, lines of code
  • Pattern matches: Which rules triggered, but not the specific code that triggered them
  • Account info: Your GitHub username, email, payment records

❌ We Delete (Immediately)

  • Your actual source code
  • File contents
  • Comments and documentation text
  • Variable names and function names
  • Directory structure details
  • Anything that could reconstruct your codebase

Security Measures

Encryption

  • In transit: All data encrypted with TLS 1.3
  • At rest: Code temporarily encrypted with AES-256
  • Database: Scan results encrypted in our PostgreSQL database

Access Controls

  • Only our automated scanning system accesses your code
  • No human employees can see your code
  • Scanner runs in isolated containers
  • Access logs track all operations

What Our Reports Contain

Included in Reports

  • Pattern detection results ("Found 12 TODO comments")
  • Code quality metrics (lines of code, file count, estimated complexity)
  • Improvement suggestions written in general terms
  • Vibe score calculation breakdown

NOT Included in Reports

  • Actual code snippets or lines
  • Function names or variable names
  • Comments or documentation content
  • File names or directory structures
  • Anything that would reveal your business logic

Example Report Snippet

✅ GOOD VIBES:
- Consistent indentation across files
- Most functions under 20 lines
- Good test coverage indicators

🤔 ROOM FOR IMPROVEMENT:
- 7 functions over 50 lines (consider breaking these up)
- 23 TODO comments (time for some cleanup?)
- Limited error handling in several areas

Notice how this gives you useful feedback without exposing any of your actual code.

Your Rights & Controls

GitHub Access Control

  • You can revoke our access anytime via GitHub settings
  • Revocation is immediate — we lose access instantly
  • We respect GitHub's permission scopes strictly

Data Deletion Rights

  • Request deletion of all scan results via support@vibesniffer.dev
  • Complete account deletion available
  • We'll confirm deletion within 48 hours

Contact & Questions

Questions about how we handle your code?

  • Email: security@vibesniffer.dev
  • Response time: Within 24 hours for security questions
  • Technical questions: support@vibesniffer.dev

The Bottom Line

Your code is your intellectual property. We built VibeSniffer to give you insights without compromising your code's security. We look at it just long enough to analyze it, then we forget it completely.

Think of us like a code review buddy who has amnesia — we'll give you feedback, then immediately forget everything we saw.

Trust is earned through transparency. If you have any questions about our code handling, just ask.