Privacy Policy

Effective Date: May 5, 2026

Your Code is Protected

Source code is processed in real-time and never permanently stored. All analysis happens in isolated, encrypted environments.

No AI Training

Your code is never used to train machine learning models or shared with third parties for any purpose.

Minimal Data Collection

We only collect what's necessary to provide the service. You control your data and can request deletion at any time.

Right to Deletion

Delete your account and all associated data at any time through your settings or by contacting us.

1. Introduction

Human Co-Pilot Inc. (“Company,” “we,” “us,” or “our”) operates the Vibe to Production platform (“Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and the confidentiality of your code. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials when you create an account
  • Profile Information: Optional information you choose to add to your profile
  • Payment Information: Billing address and payment method details (processed by our payment processor; we do not store full card numbers)
  • Repository Access Tokens: OAuth tokens or personal access tokens you provide to connect code repositories
  • Communications: Information you provide when contacting support or providing feedback

2.2 Information Collected During Analysis

  • Code Metadata: Repository names, file structures, programming languages detected, and timestamps
  • Analysis Results: Security findings, performance metrics, accessibility issues, and recommendations generated by our analysis
  • Audit Reports: Summary reports and certification status

Important: We do NOT permanently store your source code. Code is processed in real-time within isolated, encrypted environments and is not retained after analysis completion. Only metadata and analysis results are stored.

2.3 Automatically Collected Information

  • Device Information: Browser type, operating system, and device identifiers
  • Usage Data: Pages visited, features used, and interaction patterns
  • Log Data: IP addresses, access times, and referring URLs
  • Cookies: Session cookies for authentication and analytics cookies (with your consent)

3. How We Protect Your Code

We understand that your source code is your most valuable intellectual property. Here's exactly how we protect it:

Real-Time Processing Only

Your source code is streamed directly into our analysis engine, processed, and immediately discarded. We do not write source code to disk or retain it in any database. Only the analysis results (findings, metrics, recommendations) are stored.

Isolated Sandboxed Environments

Each analysis runs in a dedicated, isolated container that has no network access except to our internal services. After analysis completes, the container and all its contents are destroyed. There is no cross-contamination between different users' analyses.

End-to-End Encryption

All data in transit is encrypted using TLS 1.3. Any temporary data at rest is encrypted using AES-256. Encryption keys are managed using industry-standard key management practices with regular rotation.

No AI/ML Training

Your code is NEVER used to train machine learning models, whether ours or any third party's. We do not aggregate code across customers. Your code is yours alone.

Access Controls and Auditing

Access to analysis infrastructure is restricted to a small number of authorized personnel. All access is logged, monitored, and regularly audited. We maintain SOC 2 Type II compliance.

Token Security

Repository access tokens are encrypted at rest and are only used to fetch code during analysis. We request only the minimum permissions necessary (read-only access). You can revoke access at any time through your settings or your repository provider.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Perform code analysis, generate reports, and issue certifications
  • Account Management: Create and manage your account, process payments, and communicate with you
  • Improve the Service: Analyze usage patterns to improve our analysis algorithms and user experience (using aggregated, anonymized data only)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and respond to lawful requests
  • Communications: Send service updates, security alerts, and (with your consent) marketing communications

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: Third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, email delivery). These providers are contractually obligated to protect your data.
  • Legal Requirements: When required by law, court order, or governmental request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified of any such change)
  • With Your Consent: When you explicitly authorize us to share information
  • Certification Verification: If you display a certification badge, we may confirm certification status to third parties who verify the badge

We never share your source code with any third party. Analysis results are only shared as described above or with your explicit consent.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and for 30 days after a deletion request
  • Analysis Results: Retained for 2 years to allow historical comparison and re-certification
  • Certification Records: Retained indefinitely as part of our certification registry
  • Source Code: Not retained (processed in real-time only)
  • Log Data: Retained for 90 days for security and debugging purposes

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your information
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at support@vibe2production.io or use the controls in your account settings. We will respond to requests within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how users interact with the Service (can be disabled)
  • Preference Cookies: Remember your settings and preferences (can be disabled)

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.

9. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your information may be transferred to, stored in, and processed in the US. We use appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable.

10. Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance
  • Employee security training and background checks
  • Incident response procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@vibe2production.io.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Human Co-Pilot Inc.

Email: support@vibe2production.io

Website: https://vibe2production.io/

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). Human Co-Pilot Inc. acts as the data controller. Our legal bases for processing include:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for security, fraud prevention, and service improvement
  • Consent: Processing based on your explicit consent (e.g., marketing communications)
  • Legal Obligation: Processing required by law

You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

© 2026 Human Co-Pilot Inc. All rights reserved.