Privacy Policy

Last updated: January 25, 2026

Overview

/vibe is a social layer for developers using Claude Code. This policy explains what data we collect, how we use it, and your rights.

We are committed to transparency. /vibe is local-first - your session data lives on your machine in ~/.vibe/ and you can inspect it at any time.

Data We Collect

Account Information: Your handle (typically your X/Twitter username), and optionally your email for notifications.

Presence Data: When you are online, what you are working on (one-liner you provide), and your status (shipping, debugging, etc.).

Messages: Direct messages you send to other users through /vibe.

Session Data: If you choose to broadcast or share sessions, we store the session content, timestamps, and metadata.

Usage Analytics: Anonymous usage patterns to improve the product. No personal data is included.

How We Use Your Data

To provide the core /vibe functionality: presence, messaging, session sharing
To show your profile to other users (handle, what you are building)
To send you notifications about messages and activity (if enabled)
To improve the product based on aggregate usage patterns
To detect and prevent abuse

Data Storage

Local Data: Your thread memories and local preferences are stored in ~/.vibe/ on your machine. This data never leaves your device unless you explicitly share it.

Cloud Data: Presence information, messages, and shared sessions are stored on our servers hosted on Vercel and Neon (PostgreSQL).

Data Sharing

We do not sell your data. We do not share your data with third parties except:

When required by law
To provide the service (e.g., displaying your presence to other users)
With your explicit consent

Data Retention

We retain your data for as long as your account is active or as needed to provide services:

Account Data: Retained until you delete your account
Messages: Retained for 2 years, then automatically deleted
Presence History: Retained for 90 days
Session Recordings: Retained for 1 year unless you delete them earlier
Analytics Data: Aggregated and anonymized after 30 days
Server Logs: Retained for 14 days for security and debugging

After account deletion, we remove your personal data within 30 days, except where retention is required by law.

Your Rights

Access: You can request a copy of your data at any time
Deletion: You can request deletion of your account and associated data
Portability: Your local data in ~/.vibe/ is always accessible to you
Correction: You can update your profile information at any time

Cookies & Local Storage

/vibe uses minimal cookies and local storage:

Cookie/Storage	Purpose	Duration
vibe_session	Authentication - keeps you logged in	7 days
vibe_handle	Stores your handle for quick access	30 days
localStorage: vibe_*	UI preferences (theme, panels)	Persistent
_vercel_*	Analytics (anonymous page views)	Session

Essential Cookies: Authentication cookies are required for the service to function. You cannot opt out of these while using /vibe.

Analytics: We use Vercel Analytics for anonymous usage tracking. No personal identifiers are collected. You can block these with browser extensions like uBlock Origin.

Third-Party Cookies: We do not use third-party advertising or tracking cookies.

Managing Cookies: You can clear cookies in your browser settings at any time. Note that clearing authentication cookies will log you out.

International Users (GDPR)

If you are in the European Economic Area (EEA), UK, or other regions with data protection laws:

Legal Basis: We process your data based on your consent (account creation) and legitimate interest (providing the service)
Data Transfers: Your data may be transferred to and processed in the United States. We use standard contractual clauses where required.
Right to Object: You may object to processing based on legitimate interest
Right to Erasure: Request deletion of your data at any time
Data Portability: Request a copy of your data in a portable format
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

To exercise these rights, contact privacy@slashvibe.dev.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you
Right to Delete: You can request deletion of your personal information, subject to certain exceptions
Right to Opt-Out: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Personal Information Collected:

Identifiers (handle, email, GitHub username)
Internet activity (presence status, messages, session data)
Geolocation (country-level only, derived from IP)

How to Exercise Your Rights: Email privacy@slashvibe.dev with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

Security

We use industry-standard security measures including HTTPS encryption, secure database connections, and regular security reviews. However, no system is 100% secure.

Children

/vibe is not intended for users under 13 years of age. We do not knowingly collect data from children.

Changes

We may update this policy. Significant changes will be announced through the /vibe changelog or email.

Contact

For privacy concerns: privacy@slashvibe.dev

General contact: seth@slashvibe.dev