VibeSEO

Privacy Policy

Effective Date: September 1, 2025

This Privacy Policy explains how VibeSEO ("we," "us") collects, uses, and shares information when you use our Service.

Table of Contents

1. Information We Collect

  • Account & Billing. Name, email, organization, authentication identifiers; billing details handled by our payment processor.
  • Repository Access. Installation IDs, repo names/IDs, minimal tokens/scopes; files read to analyze structure and insert SEO artifacts; files we write/commit or PR.
  • Domains/DNS. When enabled, registrar/DNS provider identifiers and records we propose/change (e.g., verification TXT, A/AAAA, CNAME) via APIs (e.g., GoDaddy).
  • Prerender Hosting. Bot-facing HTML snapshots you enable; request logs (timestamp, IP, user agent), cache status/metadata processed via our CDN.
  • Telemetry/Logs. Feature usage, action timestamps, status codes, IP, user agent, inferred locale; error traces.
  • Cookies. Essential cookies for session/auth; optional analytics cookies (see §8).

2. How We Use Information

  • Provide, secure, and improve the Service (scan/analyze, generate artifacts, push changes, manage DNS, prerender/edge proxy).
  • Display findings/diffs; provide support and transactional notices; prevent abuse and debug.
  • Comply with legal obligations (tax, accounting, security).
  • Legal bases (EEA/UK). Contract performance (Service delivery), legitimate interests (security, product improvement), consent (non-essential cookies/analytics), legal obligation (records).

3. Third Parties & Subprocessors

We use vetted providers for hosting, CDN, logging/observability, payments, registrar/DNS APIs (e.g., GoDaddy API), and analytics. We do not sell or share personal information for cross-context behavioral advertising.

4. GitHub/Registrar/DNS Access

We request only the minimum scopes required to scan selected repos and write SEO artifacts. Access is limited to repos and domains you select; you may revoke via GitHub and your registrar/DNS consoles at any time. We process repo content ephemerally to generate Output and do not intentionally retain source code beyond transient windows needed for processing (except artifacts/snapshots you elect to host).

5. Prerender Hosting & Public Nature

Snapshots are public by design for crawlers. You control which routes we snapshot and may purge snapshots in-product; caches/CDNs may retain content briefly due to propagation. You can disable hosting at any time.

6. Security

We implement administrative, technical, and physical safeguards appropriate to the nature of data processed, including encryption in transit/at rest, secrets management, least-privilege access, and audit logging. If we learn of unauthorized access affecting you, we will notify you without undue delay and share remediation steps.

7. Retention

  • Account/billing: while the account is active and as required by law.
  • Scan artifacts: typically deleted within 7 days after completion unless you pin a run.
  • Hosted snapshots: retained until you purge/disable.
  • Ops/security logs: up to 12 months.

We may retain minimal records for legal/accounting requirements and may anonymize/aggregate data for analytics/product improvement.

8. Cookies & Analytics

Essential cookies operate the app (authentication, security, preferences).

Analytics help us understand reliability and usage (no advertising cookies). Where required, we obtain consent for non-essential cookies and provide granular controls in-product or via your browser.

9. Your Choices & Rights

  • Connect/disconnect repos; limit org/repo scope.
  • Configure ignore rules (e.g., .env, secrets/) - we honor them.
  • Enable "review before push" and approve PRs/commits.
  • Export/delete account data by request (subject to legal retention).
  • Purge snapshots; revert DNS changes in your registrar/DNS console.
  • EEA/UK residents: rights to access, correct, delete, restrict, object, and portability.
  • California residents (CCPA/CPRA): rights to know, correct, delete, and opt-out of sharing; we do not sell personal information. We will not discriminate for exercising rights.

10. International Data Transfers

We may process data in the U.S. and other locations where we or our subprocessors operate. Where required, we use appropriate safeguards, including Standard Contractual Clauses and supplementary measures.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children; if we learn we have, we will delete it.

12. Model Training Disclosure

We do not use repository contents or hosted snapshots to train generalized machine-learning models. We may use aggregated, de-identified telemetry to improve the Service.

13. Changes to this Policy

We may update this Policy. Material changes will be communicated in-product or by email. Where required, we will obtain consent for material changes that affect how we use personal information.

14. Contact

hi@tryvibeseo.com