VibeCheckVibeCheck

Privacy Policy

Last updated: March 24, 2026

Askraa LLC ("Askraa," "we," "us," or "our") operates the VibeCheck code review platform available at askraa.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Personal Information

When you create an account or use our Service, we may collect the following personal information:

  • Email address
  • First name and last name
  • Profile image
  • Authentication credentials (password hashes stored securely via bcrypt; we never store plaintext passwords)
  • Google OAuth identifier (if you sign in with Google)

1.2 Financial and Billing Data

When you subscribe to a plan or purchase credits, we collect and store the following through our payment processor, Stripe:

  • Stripe customer ID and subscription ID
  • Subscription tier and status
  • Payment method metadata: card brand, last 4 digits, and expiration date
  • Payment history: amounts, currency, status, and descriptions

We do not store full credit card numbers, CVVs, or complete card details. All payment processing is handled securely by Stripe.

1.3 GitHub Data

If you connect your GitHub account for code reviews, we collect:

  • GitHub user ID and username
  • GitHub App installation ID
  • Repository names, URLs, branches, visibility, and descriptions
  • Source code accessed temporarily for the purpose of performing code reviews (source code is not permanently stored by the web application; it is sent to our processing service for analysis)

1.4 Code Review Data

When you submit code for review, we collect:

  • Repository references and branch names
  • ZIP file uploads (temporarily stored and deleted after basic review completion)
  • Review results including scores, issues identified, and engineer comments, stored as structured data

1.5 Session Data

We store session data in our database to maintain your authenticated state. Sessions are identified by a session cookie.

1.6 Email Communication Data

We maintain logs of emails we send to you, including:

  • Recipient email address
  • Email type (e.g., verification, magic link, review notification)
  • Subject line
  • Delivery status

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your account
  • To authenticate your identity and maintain secure sessions
  • To process payments and manage your subscription
  • To perform AI-assisted and human-reviewed code reviews
  • To send you transactional emails such as magic links, email verification, and review completion notifications
  • To provide customer support and review approval
  • To improve and optimize our Service
  • To analyze usage patterns and site performance
  • To facilitate cross-platform authentication with partner services (VibeMarket)

3. Cookies and Tracking Technologies

We use the following cookies:

3.1 Essential Cookies

  • vibecheck_sid — Session cookie used to maintain your authenticated state
  • oauth_state — Temporary cookie for CSRF protection during Google OAuth authentication
  • github_oauth_state — Temporary cookie for CSRF protection during GitHub OAuth authentication
  • github_oauth_user — Temporary cookie to verify user identity during GitHub OAuth callback

3.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our Service. Google Analytics uses cookies such as _ga, _gid, and similar identifiers to collect information about page views, user behavior, and site performance. This data is aggregated and anonymized where possible. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4. Third-Party Services

We share data with or use the following third-party services to operate our platform:

  • Stripe — Payment processing. Stripe receives your payment information directly and is governed by the Stripe Privacy Policy.
  • Amazon Web Services (AWS) — We use AWS SNS for task queueing related to code analysis, and S3-compatible storage for file uploads and profile images.
  • Google — We use Google OAuth for authentication and Google Analytics for site analytics.
  • GitHub — We integrate with the GitHub API to access your repositories for code review purposes, based on the permissions you grant through the GitHub App installation.
  • VibeMarket — Our partner marketplace platform. Cross-platform user creation and authentication may occur to facilitate access to related services.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • ZIP file uploads submitted for basic code reviews are temporarily stored and deleted after review completion.
  • Source code accessed from GitHub for review analysis is not permanently stored by our web application; it is transmitted to our processing service for analysis.
  • Review results (scores, issues, comments) are retained as part of your review history.
  • Payment records are retained as required for accounting and legal compliance.
  • Session data expires automatically based on session timeout settings.
  • Email logs are retained for operational and troubleshooting purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Passwords are hashed using bcrypt before storage
  • Session cookies are HTTP-only, secure, and use the SameSite attribute
  • CSRF protection for OAuth flows via state tokens
  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
  • Payment information is processed by Stripe's PCI-compliant infrastructure

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • The right to access the personal information we hold about you
  • The right to request correction of inaccurate information
  • The right to request deletion of your personal information
  • The right to withdraw consent for data processing
  • The right to data portability

To exercise any of these rights, please contact us using the information provided below.

8. Administrative Access

Authorized administrative personnel may access user data, reviews, feedback, and email logs for the purposes of customer support, review approval, and platform maintenance.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: