VIBELEGIT

PRIVACY POLICY

Last updated June 10, 2026

This Privacy Notice for fatih denli (doing business as VibeLegit) describes how and why we collect, store, use, and share your personal information when you use our Services at https://vibelegit.io.

Questions or concerns? Contact us at getvibelegit@gmail.com

1. WHAT INFORMATION DO WE COLLECT?

Information you provide to us

• Email address — provided during checkout, used to send your scan report
• Payment information — collected by Lemon Squeezy (we never see your card details)
• URLs submitted for scanning — the website addresses you submit for scanning

Information collected automatically

• IP address — used for rate limiting and security purposes
• Browser and device information — basic technical information for service delivery
• Usage data — pages visited, scan requests made

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for the following reasons:

• To deliver scan reports — we scan the URL you submitted and email the report to you
• To process payments — via Lemon Squeezy payment processor
• To generate AI-powered fix recommendations — submitted URLs and scan findings are processed by Anthropic's Claude AI API to generate personalised fix instructions
• To prevent abuse — IP addresses are used for rate limiting and fraud prevention
• To comply with legal obligations — we maintain audit logs of data deletion requests
• To respond to support requests — if you contact us via email

3. AI PROCESSING

VibeLegit uses Claude AI (by Anthropic) to generate fix recommendations for scan findings. When you purchase a Full Scan, the following data is sent to Anthropic's API:

• The URL you submitted
• The security and legal findings identified during the scan

This data is processed solely to generate fix recommendations and is subject to Anthropic's privacy policy available at anthropic.com/legal/privacy.

4. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?

We share your data with the following third-party service providers:

• Lemon Squeezy — payment processing. Privacy policy: lemonsqueezy.com/privacy
• Anthropic — AI fix recommendations. Privacy policy: anthropic.com/legal/privacy
• Supabase — database storage. Privacy policy: supabase.com/privacy
• Vercel — website hosting. Privacy policy: vercel.com/legal/privacy-policy
• Resend — email delivery. Privacy policy: resend.com/legal/privacy-policy

We do not sell your personal information to third parties. We do not share your data with advertisers.

5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

Our servers are located in the United States (via Vercel and Supabase). If you are located in the EU, UK, or elsewhere, your data may be transferred to and processed in the United States. We take appropriate measures to protect your data during such transfers.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

• Scan reports — retained for 90 days, then permanently deleted
• Email addresses — retained for 1 year, then deleted
• Submitted URLs — deleted immediately after scan completion
• Audit logs — retained for 3 years for legal compliance
• Payment records — retained as required by Lemon Squeezy and applicable tax law

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate technical and organisational security measures including:

• HTTPS encryption for all data in transit
• Row Level Security (RLS) on our database
• Rate limiting to prevent abuse
• SSRF protection to prevent internal network access
• Webhook signature verification for payment events

However, no electronic transmission over the Internet can be guaranteed to be 100% secure.

8. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from children under 18 years of age. By using the Services, you represent that you are at least 18 years old.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location, you may have the following rights:

• Right to access — request a copy of your personal data
• Right to correction — request correction of inaccurate data
• Right to deletion — request deletion of your personal data
• Right to data portability — request your data in a portable format
• Right to object — object to processing of your personal data
• Right to withdraw consent — withdraw consent at any time

To exercise these rights, contact us at getvibelegit@gmail.com or visit vibelegit.io/contact.

If you are located in the EU or UK, you also have the right to complain to your local data protection authority.

10. COOKIES

We use minimal cookies necessary for the service to function. We display a cookie consent banner when you first visit the site. We do not use advertising or tracking cookies.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

We do not currently respond to DNT browser signals as there is no uniform technology standard for recognising and implementing DNT signals.

12. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary to stay compliant with relevant laws. We encourage you to review this Privacy Notice frequently.

13. HOW CAN YOU CONTACT US?

fatih denli (doing business as VibeLegit)
Email: getvibelegit@gmail.com
Address: Ali İhsan Gedik Cd., İzmir 35310, Turkey

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?

To request to review, update, or delete your personal information, please visit: https://vibelegit.io/contact or email getvibelegit@gmail.com.