PRIVACY POLICY

Last updated: March 18, 2026

1. Introduction

CodeShant Technologies ("we", "us", "our") operates VibeDoctor. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

• Email address: Required for account creation, scan delivery, and communication
• App/Website URL: Provided for website scanning
• GitHub account connection: OAuth authorization for repository access (read-only)
• Payment information: Processed and stored by Stripe; we do not store card details

2.2 Information Collected Automatically

• IP address: Used for rate limiting and abuse prevention
• Usage data: Scan counts, feature usage, and interaction patterns
• Scan results: Security findings, performance scores, and code quality metrics generated during scans

2.3 GitHub Data

• We access your repositories in read-only mode via GitHub App installation
• Your codebase is read and analysed in memory during the scan only - it is not copied, stored, or retained after the scan completes
• We do not permanently store your source code in any form
• We store only scan results, diagnostic metrics, and generated reports - never the code itself

2.4 Code Intelligence Metadata

To provide version-tracked code health monitoring, we store structural metadata extracted from your codebase during scans. This includes:

• File names, paths, and sizes - to identify files and track changes between scans
• Symbol names (function, class, and method names) - to track code structure and map findings to specific code elements
• Module structure and import relationships - to detect dependencies and assess blast radius of changes
• Health scores and finding counts per file and symbol - to track quality trends over time
• Version-to-version diffs - to show what changed, improved, or regressed between scans

This is structural metadata only. No actual source code content, proprietary logic, or file contents are stored. Your source code is read in memory during the scan and discarded immediately after analysis. This metadata is retained with your account and deleted upon account deletion.

3. How We Use Your Information

• To provide and maintain the Service (scanning, monitoring, reporting)
• To send scan reports, alerts, and status emails
• To process payments and manage subscriptions
• To prevent abuse, enforce rate limits, and maintain security
• To improve the Service based on aggregated, anonymized usage patterns
• To send relevant product updates (you can unsubscribe at any time)

4. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe: Payment processing
• Brevo: Marketing and transactional email delivery
• Resend: Transactional email delivery
• GitHub: Repository access via OAuth
• Google Analytics: Anonymous website usage analytics (loaded only after cookie consent)
• Anthropic (Claude AI): Anonymized scan data for AI-powered report generation (no source code is sent)

5. Data Retention

• Scan reports: Retained for the duration of your account
• Source code: Accessed in read-only mode during scanning only; no code is retained after the scan completes
• Code intelligence metadata: Structural metadata (file names, symbol names, health scores, diffs) retained for the duration of your account to enable version tracking; deleted upon account deletion
• Account data: Retained until account deletion
• Payment records: Retained as required by law

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (TLS) for all data in transit
• Encrypted storage for sensitive data at rest
• Access controls and authentication for all systems
• Regular security audits of our own infrastructure

7. Your Rights

You have the right to:

• Access: Request a copy of your data
• Deletion: Request deletion of your account and associated data
• Correction: Update inaccurate information
• Portability: Export your scan reports
• Opt-out: Unsubscribe from marketing emails at any time

To exercise any of these rights, contact [email protected].

8. Cookies and Analytics

We use essential cookies for authentication and session management. We also use Google Analytics to collect anonymous usage data (pages visited, session duration, device type). Google Analytics cookies are loaded only after you provide consent via our cookie banner. You can withdraw consent at any time by clearing your browser's local storage. We do not use advertising cookies or sell analytics data.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors.

10. Data Location and International Transfers

Our servers are located in Europe. If you access the Service from outside Europe, your data will be transferred to and processed on our European servers. We ensure appropriate safeguards are in place for all international data transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on the Service.

12. Contact Us

For privacy-related inquiries, contact us at [email protected].

Operated by CodeShant Technologies(UDYAM-BR-26-0188408)