Vigile

Privacy Policy

Last updated: February 22, 2026

1. What We Collect

When you create an account, we collect your email address, a bcrypt-hashed password (we never store your plaintext password), and an optional display name.

When you use the API or dashboard, we collect scan submissions (MCP server names and agent skill content you submit for analysis), scan results, and usage counts for quota enforcement. We store a Stripe customer ID when you subscribe to a paid plan — we never store payment card details directly (those are handled by Stripe).

We collect standard server logs including IP addresses, request paths, and timestamps for security monitoring and rate limiting.

2. How We Use Your Data

  • To operate the service, authenticate your session, and enforce API quotas
  • To process subscription payments via Stripe
  • To improve scan detection patterns and the trust registry
  • To send transactional emails (password reset, account notifications) — no marketing emails without consent
  • To detect and prevent abuse, fraud, and unauthorized access

We do not sell your personal data to third parties.

3. Payments & Stripe

All payment processing is handled by Stripe (stripe.com). When you subscribe, you are redirected to Stripe's hosted checkout page. Vigile receives a Stripe customer ID and subscription status — we never receive or store your full card number, CVV, or banking information. Stripe's privacy policy governs its handling of payment data: stripe.com/privacy.

4. Cookies & Session Storage

We use a single httpOnly session cookie (vigile_session) to authenticate your browser session. This cookie is strictly necessary for the service to function — it does not track you across other sites and is deleted when you sign out.

We use Plausible Analytics for anonymous, cookieless page view statistics. Plausible does not use cookies and does not collect personal data or track individuals.

5. Third-Party Services

We use the following third-party services to operate Vigile:

  • Stripe — payment processing and subscription management
  • Railway — API hosting and database (PostgreSQL)
  • Vercel — frontend hosting
  • Sentry — error monitoring (stack traces, not personal data)
  • SendGrid — transactional email delivery
  • Plausible — cookieless, privacy-respecting analytics

Each provider operates under its own privacy policy and data processing agreements.

6. Data Retention

Account data is retained while your account is active. Scan history retention depends on your subscription tier (7 days for Pro, 30 days for Pro+, session-only for Free). Server logs are retained for up to 90 days. If you delete your account, your personal data is removed within 30 days, except where retention is required by law or for fraud prevention.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing support@vigile.dev. You may also export your scan history from the dashboard. If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under GDPR/UK GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Security

We use industry-standard security practices: bcrypt password hashing, httpOnly cookies with SameSite protection, HTTPS-only communication, and least-privilege database access. API keys are stored as HMAC-SHA256 hashes — we cannot retrieve the plaintext value of a key after it is issued. No security measure is perfect; please use a strong, unique password.

9. Changes to This Policy

We may update this policy as the service evolves. Material changes will be noted by updating the date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the revised policy.

10. Contact

Privacy questions or data requests: support@vigile.dev

Vigile AI Security © 2026. All rights reserved.