Will It Vibe?

Privacy

Last updated July 17, 2026

The short version: scanning happens in your browser, we never receive the folders or zips you drop, and when you save a scan we store the computed report, not your source code.

Where your code goes

When you drop a folder or pick a zip, the scan runs entirely inside your browser in a Web Worker. The files are read locally, checked locally, and discarded when you close the tab. They are never uploaded to us, not even partially.

When you scan a GitHub repository by URL, our server fetches the repository tarball from GitHub and streams it to your browser, because browsers cannot fetch it from GitHub directly. The code passes through our server in transit and is not written to storage or logs. The scan itself still runs in your browser.

What we store, and when

Nothing is stored unless you choose to save a scan. If you do, we keep the computed report: the scores, which rules fired, the finding messages, and the file paths and line numbers they point to. File paths and finding messages can reveal things about your project (a message about a hardcoded key includes its location, for example), so treat a saved report link with the same care as the code it describes.

Saved reports are unlisted by default: reachable only by their unguessable link, not listed anywhere public. If you explicitly make a scan public it appears in the gallery. You can switch it back to unlisted at any time.

If you create an account we store your email address and sign-in credentials (passwords are hashed, or you can use magic links). If you buy something we keep order records: which scan was unlocked, the amount, and the email used for the receipt.

Payments

Payments are processed by Stripe. Your card number goes to Stripe directly and never touches our servers. We receive confirmation of payment, the last state of your subscription if you have one, and the receipt email address.

Cookies and tracking

We set a session cookie when you sign in, and that is the only cookie we use. There are no advertising trackers and no third-party analytics scripts on this site. The site is served through Cloudflare, which produces standard operational logs (IP addresses, request paths) that we use for abuse prevention and debugging.

Email

We send email only when there is a reason: sign-in links, receipts, a report you asked to have emailed, and repo-watch alerts if you are a Pro subscriber and set them up. Watch alerts include a one-click unsubscribe link that works without logging in. We never sell or share email addresses.

Deleting your data

You can delete your saved scans from your account, and deleting a scan removes the stored report. To delete your whole account and everything attached to it, email support@willitvibe.work from the account address and we will do it within 7 days.

Questions

Anything unclear, ask: support@willitvibe.work.