Security & Data Handling
What VibeSafe protects, and an honest list of what it doesn't
Trust matters more when a tool is looking at your code. Here's exactly what VibeSafe checks for, how your data is handled, and where its limits are — no marketing spin.
What VibeSafe scans for
- Exposed API keys, tokens, and hardcoded secrets
- SQL injection and cross-site scripting (XSS) patterns
- Weak or missing authentication checks
- Missing, outdated, or known-vulnerable dependencies
- Runtime errors — missing awaits, unhandled promise rejections, null risks
- Database misconfigurations (e.g. missing Row-Level Security in Supabase)
How your code and data are handled
- Code submitted for scanning is processed in memory and discarded after the scan
- Your code is never used to train AI models
- Your code is never shared with third parties
- Only scan results (score, issue summary) are stored in your account — not raw code
- All traffic is encrypted over HTTPS/TLS
- Authentication is handled by Supabase Auth; you can delete your account and data anytime
What VibeSafe does not do
- Does not perform a full penetration test
- Does not guarantee 100% vulnerability coverage — no scanner can
- Does not replace a professional security audit for high-risk applications (fintech, healthcare, etc.)
- Does not continuously monitor your live, deployed app in real time
- Does not fix architectural or design-level security issues automatically — those are flagged, not auto-fixed
Responsible disclosure
Found a security vulnerability in VibeSafe itself? Please report it privately to contact@vibesafe.info with steps to reproduce. We'll acknowledge within 48 hours, keep you updated while we fix it, and credit you (if you'd like) once it's resolved. Please don't test against other users' data or publicly disclose before we've had a chance to patch.
An honest note. VibeSafe catches the most common, most dangerous mistakes in AI-generated code quickly. For anything handling sensitive user data at scale, combine it with a professional security review. See our full Privacy Policy for legal detail.