// security
How we handle your code
You're trusting us with your source code. We take that seriously. Here's exactly how we protect it.
Code is never stored
Free-tier code is processed in memory and discarded immediately after analysis. We never write your source code to disk or a database.
Encrypted in transit
All data is transmitted over HTTPS/TLS. Code submitted for analysis is encrypted from your browser to our servers.
No training on your code
We do not use submitted code to train AI models — ours or anyone else's. Your code is used solely for analysis.
Minimal data collection
We collect only what's needed: scores, issue metadata, and anonymous usage data. We don't track individual code content.
Vercel Edge infrastructure
Our analysis runs on Vercel's edge network with automatic scaling, DDoS protection, and enterprise-grade uptime.
Secrets management
All API keys and credentials are stored in encrypted environment variables. No secrets in source code — we practice what we preach.
How analysis works
You paste code
Your code is sent over HTTPS to our analysis endpoint. No account required for the free tier.
Pattern + structural analysis
Our engine runs regex-based security pattern detection, structural complexity analysis, and nesting depth checks — all in-process, no disk writes.
AI-assisted review
The code is sent to OpenAI's API (GPT-4o-mini) for additional analysis. OpenAI does not use API inputs for training per their data usage policy.
Score + issues returned
Results are calculated and returned to your browser. On the free tier, the code is immediately discarded — nothing is retained server-side.
Responsible Disclosure
If you discover a security vulnerability in VibeCheck itself, we want to know. Please report it responsibly so we can fix it before it affects users.
Report a vulnerability
Email us at hello@vibecheck.expert with details of the vulnerability. Please include steps to reproduce.
- We'll acknowledge your report within 24 hours
- We'll provide an initial assessment within 72 hours
- We won't take legal action against good-faith security researchers
Questions about our security practices?
We're happy to answer any questions about how we handle your data.