Privacy Policy

Last updated: 15th January, 2026

This Privacy Policy explains how Vibio ("Vibio", "we", "us") collects, uses, and protects information when you use our website and services (the "Service").

If you have questions, contact us at: james@unbusy.work.

1) What Vibio does

Vibio helps you scan web applications and codebases to identify vulnerabilities, security issues, and production gaps, and then provides a prioritized fix plan. Depending on the feature you use, Vibio may scan:

  • a public URL you provide (URL scan), and/or
  • a repository/code snapshot you provide (codebase scan).

2) Information we collect

A) Account information

If you create an account or sign in (for example via GitHub or email login), we may collect:

  • your email address
  • account identifiers (such as a user ID)
  • authentication metadata required to operate the Service

B) URL scan information

When you run a URL scan, we may collect:

  • the URL you submit
  • public responses from that URL (such as headers, status codes, redirect chains)
  • limited crawl metadata (e.g., pages visited, discovered asset URLs)
  • scan results (findings, evidence pointers, timestamps)

We do not attempt to access private areas of your site without credentials, and we do not perform unsafe or aggressive probing.

C) Codebase scan information

When you upload a snapshot or connect a repository for a scan, we may process:

  • file paths and project structure
  • configuration files and dependency manifests (e.g., package manifests, lockfiles)
  • selected code excerpts needed to produce findings and evidence
  • scan results (findings, evidence pointers, fix packs, and target architecture proposals)

We do not need or want your node_modules, build outputs, caches, or large binaries. Our scanning process is designed to ignore these where possible.

Code storage (important)

We do not store your codebase as a persistent copy. For codebase scans, we process a temporary snapshot to generate scan artifacts (like file inventories, findings, and evidence). We delete the uploaded snapshot/temporary workspace as soon as the scan completes (or fails), and we retain only the scan results and minimal evidence needed to show you what was found.

D) Payment information

If you purchase a paid plan, payments are typically handled by a third-party payment processor (e.g., Stripe). We do not store full payment card details on our servers. We may store billing-related metadata (e.g., subscription status, invoices IDs) needed to provide the Service.

E) Usage and device information

Like most websites, we may collect basic analytics and log data such as:

  • IP address (often in server logs)
  • device/browser type
  • pages visited and actions taken in the Service
  • approximate location (derived from IP)
  • timestamps and performance metrics

3) How we use information

We use information to:

  • provide, operate, and maintain the Service
  • run scans you request and generate scan results and fix plans
  • authenticate users and secure accounts
  • improve performance, reliability, and user experience
  • communicate with you about your account or service updates
  • prevent fraud, abuse, and security incidents
  • comply with legal obligations

4) AI usage (where applicable)

Some Vibio features may use AI to review and validate scan outputs and suggest additional items. When AI is used:

  • deterministic scan results and evidence are produced first
  • AI acts as a review/enrichment step based on the provided evidence
  • we design AI prompts to avoid exposing secret values and to prevent the model from inventing files or results that weren't provided

If you are uncomfortable with AI review, some plans or modes may allow you to disable it (where available).

5) What we do not do

  • We do not sell your personal information.
  • We do not intentionally collect sensitive personal data.
  • We do not publish your code or scan results publicly without your explicit action.
  • We do not display secret values found during scans. Where we detect potential secrets, we redact them and store only safe pointers.

6) Data storage and retention

We retain information only as long as needed for the purposes described above.

Typical retention may include:

  • account data while your account is active
  • scan metadata and results so you can view them later
  • uploaded snapshots and temporary scan workspaces are deleted after processing; we retain only scan results and minimal evidence

Exact retention periods may vary depending on plan, feature, and operational needs. You may request deletion as described below.

7) Sharing and disclosure

We may share information only in the following cases:

Service providers (subprocessors)

We use trusted providers to run the Service (for example, hosting, databases, storage, monitoring, AI providers, analytics, and payment processors). These providers process data on our behalf under appropriate agreements.

Legal requirements

We may disclose information if required by law, regulation, subpoena, or court order, or to protect rights and safety.

Business transfers

If Vibio is involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction.

8) Security

We take reasonable technical and organizational measures to protect information, such as access controls, encryption in transit, and limiting what we store.

However, no method of transmission or storage is 100% secure. You should use strong passwords and keep your account secure.

9) Your rights and choices

Depending on your location, you may have rights to:

  • access the personal information we hold about you
  • correct inaccurate information
  • request deletion of your personal information
  • object to or restrict certain processing
  • request a copy of your information (data portability)

To make a request, contact us at james@unbusy.work. We may need to verify your identity.

10) Cookies and analytics

We may use cookies or similar technologies for:

  • essential site functionality (sessions, security)
  • analytics (to understand usage and improve the Service)

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

11) International transfers

If we process information outside your country, we take steps to ensure appropriate safeguards are in place (such as standard contractual clauses where applicable).

12) Children's privacy

The Service is not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children.

13) Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and may provide additional notice where required.

14) Contact

Questions or requests: