UseVibeFlow Back to home
Legal

Security

Last updated: June 25, 2026

Security is built into how UseVibeFlow works. The app is local-first: agents run on your own machine, inside your own project folder, using your own AI provider plan — so your source code stays with you. This page describes our approach and how to report a vulnerability to Neortal Technologies Inc.

1. Our approach

We design UseVibeFlow to minimize the data we hold in the first place. By keeping execution and your code on your own device, we reduce the attack surface and limit what could ever be exposed through us. We layer reasonable administrative, technical, and physical safeguards on top of that local-first foundation.

2. Where your data lives

  • Your code stays local. Source files, projects, and the work agents perform remain on your machine. Neortal does not collect or store your source code.
  • Prompts go to your provider. The context you choose is sent to your configured AI model provider under your own credentials, secured in transit by their systems.
  • Minimal data with us. Information we do hold — such as contact requests, account or license records, and limited diagnostics — is protected as described in our Privacy Policy.

3. Application security

  • Released builds are intended to be distributed through trusted channels; verify downloads come from official UseVibeFlow sources.
  • Agent activity is scoped to the project folder you open, so you stay in control of what the swarm can read and change.
  • We work to keep dependencies current and to address security-relevant defects in a timely manner.

4. Website & infrastructure

  • The website is served over HTTPS/TLS.
  • Any back-end services and service providers we use are selected with security in mind and bound by contractual confidentiality and security obligations.
  • Access to systems that hold personal information is restricted on a need-to-know basis.

5. AI provider security

UseVibeFlow relies on third-party AI providers (for example, Anthropic's Claude) that you connect with your own plan. Data you send to those providers is handled under their security and privacy programs. We recommend reviewing your provider's security documentation and configuring your account (keys, retention, and access controls) according to your own requirements.

6. Access & accounts

If you create an account or activate a license, protect your credentials and keep your contact details current. Do not share licenses or keys, and notify us promptly if you suspect unauthorized access. You are responsible for securing the devices on which you install the app.

7. Report a vulnerability

We welcome responsible disclosure from the security community. If you believe you have found a security vulnerability in UseVibeFlow or our website, please email us with enough detail to reproduce the issue. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and do not access, modify, or destroy data that is not yours.

Security reports — Neortal Technologies Inc.

Email: security@neortal.com

We will not pursue legal action against good-faith research that follows this policy.

8. Incident & breach response

We maintain procedures to detect, investigate, and respond to security incidents. If a confidentiality incident involving personal information presents a risk of serious injury, we will notify affected individuals and the relevant authorities as required by applicable law, including Quebec's Law 25 and Canada's PIPEDA, and keep a register of such incidents.

9. Contact

For general security questions, contact:

Neortal Technologies Inc.

Security: security@neortal.com

General: contact@neortal.com

Province of Quebec, Canada