This page is maintained by the VibeCoden't team to answer common security questions about the Service. It is not an independent certification.
Account security
- Email + password and Google sign-in, with sessions handled by our managed auth provider.
- Passwords are hashed; we never see or store them in plaintext.
- Per-user rate limits on scan actions to mitigate abuse.
Data protection
- TLS in transit; encrypted storage at rest.
- Row-level security ensures users can only read their own scans and credits.
- Scan history is append-only; completed scan records cannot be modified.
- API keys for the scanner backend are stored as server-side secrets and never shipped to the browser.
Responsible disclosure
If you believe you've found a vulnerability in VibeCoden't itself, please email security@vibecodent.app. Please do not test against other users' accounts or data.