Privacy

Code privacy commitments

VibeFix uses read-only access to analyze submitted repositories. We do not train models on customer code. Projects can be deleted after report generation, and deeper review runs through RubberDuck semantic analysis when selected.

Access

GitHub access is scoped for repository reading. ZIP uploads are treated as temporary analysis inputs.

• GitHub access is read-only for repository analysis.
• Private repos and ZIP uploads are supported without requiring a public repo.
• Customer code is not used for model training.
• Deep semantic review runs through RubberDuck analysis when selected.
• Secrets should be redacted from report UI and logs.
• Production storage should support delete-after-report and access revocation.

Deletion

V1 includes a delete-after-report operating model; production storage should enforce retention and deletion policies before launch.

Deep Review

Automated report generation runs without manual code review. Deep semantic reviews run a broader RubberDuck analysis pass before the project is scoped into a fixed-scope recommendation.