Privacy Policy

Effective Date: January 11, 2026. Vibe Assurance Limited ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your information when you use the Vibe Assurance platform and related services.

1 Information We Collect

We collect information necessary to provide our governance, risk, and compliance platform:

Account Information

  • Email address and username for account identification
  • Cryptographically hashed passwords (we never store plaintext passwords)
  • Organization and team membership details
  • Subscription and billing information processed by Stripe

Governance Data

  • Change requests, implementation plans, and verification reports you create
  • Risk register entries and treatment plans
  • Vulnerability records and remediation tracking
  • Security audit reports and findings

Technical & Usage Data

  • IP addresses and browser information for security monitoring
  • Feature usage patterns to improve the platform
  • Error logs for troubleshooting (anonymized where possible)

2 How We Use Your Information

We use the information we collect to:

  • Provide our services: Store governance artifacts, track risks and vulnerabilities, and manage compliance documentation
  • Process payments: Manage subscriptions and billing through our payment processor (Stripe)
  • Improve the platform: Analyze usage patterns to enhance features and user experience
  • Maintain security: Detect and prevent unauthorized access, fraud, and abuse
  • Communicate with you: Send service updates, security alerts, and support responses

3 Zero-Training Commitment

We do not use your data to train models or algorithms. Your governance documents, risk assessments, security reports, and any other content you create or store on our platform remain your exclusive intellectual property. Vibe Assurance is a governance platform, not a data aggregation service.

4 Data Security

We implement industry-standard security measures to protect your data:

Encryption

Sensitive data encrypted at rest. All data in transit protected by TLS 1.3.

Authentication

HTTP-only cookies, JWT tokens, bcrypt password hashing, and rate limiting on authentication endpoints.

Infrastructure

Hosted on Microsoft Azure with security headers (CSP, HSTS, X-Frame-Options) and CORS protection.

Access Control

Role-based permissions, project-level data isolation, and audit logging of administrative actions.

5 Third-Party Services

We integrate with the following third-party services to provide our platform:

  • Stripe: Payment processing is handled by Stripe. We do not store credit card numbers; Stripe handles all payment data per their privacy policy.
  • Microsoft Azure: Our infrastructure is hosted on Azure. Data is stored in Azure data centers with enterprise-grade security.

We do not sell, rent, or share your data with advertising networks, data brokers, or any third parties for marketing purposes.

6 Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Account data: Retained while your account is active
  • Governance artifacts: Retained until you delete them or close your account
  • Billing records: Retained as required by law for tax and accounting purposes

7 Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate personal data
  • Deletion: Request deletion of your account and associated data
  • Export: Download your governance artifacts and data
  • Restriction: Request we limit processing of your data in certain circumstances

To exercise these rights, contact us at privacy@vibeassurance.app.

8 Account Deletion

You have the right to be forgotten. Upon account deletion request, we will permanently remove your account data, governance artifacts, and project data from our production systems within 30 days. Backups are purged on a rolling 90-day cycle. Some data may be retained as required by law (e.g., billing records for tax compliance).

9 Cookies & Local Storage

We use cookies and local storage for essential platform functionality:

  • Authentication cookies: HTTP-only cookies to maintain your login session (essential)
  • Theme preference: Local storage to remember your dark/light mode preference
  • CSRF protection: Tokens to prevent cross-site request forgery attacks

We do not use tracking cookies, advertising cookies, or third-party analytics that track users across websites.

10 International Data Transfers

Vibe Assurance is operated from New Zealand. Your data may be processed in regions where our infrastructure providers (Microsoft Azure) operate. We ensure appropriate safeguards are in place for any international data transfers, including standard contractual clauses where required.

11 Children's Privacy

Vibe Assurance is designed for professional software development teams and is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date. For significant changes, we may also notify you via email. Your continued use of the platform after changes constitutes acceptance of the updated policy.

13 Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: