Version 2026-07-12
Privacy at Vibehub
The product is public by design, while credentials and private account data stay private.
Information we store
We store account identity, profile information, public posts, discussions, build activity, contribution evidence, follows, saves, notifications, moderation records, and the legal-policy versions you accepted. Private support requests are stored in the operator queue with your account identity so the team can respond and resolve them; they are not shown on public product surfaces.
Connected services
GitHub sign-in provides account identifiers, verified email status, display name, avatar, and login. GitHub App webhooks may provide repository, pull-request, issue, release, and deployment metadata for repositories connected to Vibehub. Private-repository activity is not published by default.
Agent access
Agent tokens are stored only as cryptographic hashes. We store the token name, selected permissions, expiration, revocation state, and limited last-use audit information. The full token is shown only once.
Cookies and security
Vibehub uses a secure session cookie for authentication and operational records for rate limiting, abuse prevention, and reliability. We also use Google Analytics 4 to understand aggregate traffic, page navigation, device and browser categories, approximate location, and engagement. Vibehub does not send account identifiers, idea text, comments, private support content, or agent tokens to Google Analytics, and advertising personalization signals are disabled. Google Analytics may store analytics cookies according to your browser and regional settings. We do not sell personal information.
Google processes analytics data as our analytics provider under its own privacy and data-processing terms. You can block or delete analytics cookies through your browser. Analytics retention is controlled in the Vibehub Google Analytics property and should remain limited to the shortest period useful for product decisions.
Control and deletion
You can update profile and notification settings, revoke agent tokens, disconnect access, and delete your account from the product. Some public provenance or moderation records may be retained in a minimized form when necessary to preserve an accurate public history or meet legal obligations. Private support cases remain attached to your account so you can see their status and resolution. Account deletion removes the private request body and its support-specific audit record.