Data controls
Last updated July 2026
What Unvibe keeps, where it lives, and how you stay in control. Private code contents are never written to analytics or application logs, and secrets are filtered on-device before any transmission.
What is stored and where
- Learning events (reviews, outcomes, concepts, streaks) live on your device and, if you are signed in, sync to our backend. A successful account deletion removes the associated primary database rows.
- Account data (email, tokens) is stored on the backend until you delete your account; tokens are revoked on sign-out or deletion.
- Your auth token is stored locally in the operating system keychain, encrypted at rest.
- Code sent for a review is transmitted to the AI provider to generate the explanation. We do not persist raw reviewed code beyond generating that explanation; the provider's own retention governs their side.
Retention
Learning and account data are kept until you remove them. Primary-record, backup, provider, and operational-log timelines will be finalized before the external beta; this page does not promise deletion from systems we have not yet verified.
Exclusions and consent
Cloud analysis begins only after an explicit review action. Full payload preview and per-repository consent controls are still being completed. Default exclusions cover .env files, keys, node_modules, and build output, and you can add your own rules in a .unvibeignore file.
Access, export, and deletion
You can access and export your data, and you can delete your account to remove it from your device and our servers. If you never created an account, your data only ever lived on your Mac. Depending on where you live, you may have additional rights under laws such as GDPR or CCPA.
AI provider use
Unvibe does not build its own training dataset from your code. The configured AI provider, retention window, and applicable data-use terms will be disclosed and reviewed before cloud beta access is enabled.