Your prototypes. Your data. Your choice.
VibeSharing is built on a simple principle: you own everything you put in. We host it, we never claim it, and you can take it out anytime.
You own your code. Period.
When you deploy a prototype to VibeSharing, your source code lives in a GitHub repository under your organization's namespace. We never claim ownership, license rights, or use your code for training. You can clone, fork, or delete your repos at any time.
Full Git history is yours
Every commit, branch, and version lives in a standard GitHub repo you control
No vendor lock-in
Your prototypes are standard Next.js apps. Take them anywhere.
No training on your data
Your code, designs, and feedback are never used for AI training or shared with third parties
Where your data lives
Source code
GitHub — your org's repos, standard Git
Hosted prototypes
Vercel — deployed from your GitHub repo
Metadata & feedback
Supabase (PostgreSQL) — encrypted at rest
Context & CLAUDE.md
Stored in database + synced to GitHub repo
Data privacy by design
We collect the minimum data needed to run the platform. Nothing more.
No analytics on your prototypes
We don't inject tracking scripts into your prototypes. Your stakeholders aren't tracked, fingerprinted, or profiled when they view your work.
Organization isolation
Each organization's data is fully isolated. Row-level security policies enforce that Organization A can never see Organization B's prototypes, feedback, or context.
Minimal data collection
We store your email, display name, and avatar for authentication. Feedback includes the commenter's name. That's it. No usage telemetry, no behavioral analytics.
Authentication & access control
Multiple layers of access control, from org-level down to individual prototypes.
Email + password authentication
Powered by Supabase Auth with bcrypt hashing and secure session management
Role-based access
Admin, Editor, and Member roles control who can deploy, manage settings, and invite team members
Team-based GitHub permissions
GitHub Teams ensure each org's members only have push access to their own repos
Deploy tokens
Personal API tokens for CLI and MCP access. Scoped to your org, revocable anytime.
Row-level security
PostgreSQL RLS policies enforce data isolation at the database level — not just the application layer
GitHub OAuth (optional)
Connect your GitHub account for Push to Deploy. OAuth tokens are encrypted and never shared.
Infrastructure
Built on trusted, audited infrastructure from providers you already know.
Vercel
Hosting & CDN. SOC 2 Type II compliant. Edge network with automatic HTTPS.
Supabase
Database & auth. SOC 2 Type II compliant. Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
GitHub
Source code storage. SOC 2 Type II compliant. Team-based access control with audit logging.
Common questions
Can I export or delete all my data?
Yes. Your source code is always in GitHub — clone it anytime. For metadata (feedback, context entries, project info), contact us and we'll provide a full export or complete deletion.
Do you use my prototype code for AI training?
No. Your code, feedback, and context data are never used for AI training, model improvement, or any purpose other than running the VibeSharing platform for you.
What happens to my data if I cancel?
Your GitHub repos remain yours — they're in your org's namespace. Database records (feedback, context) are retained for 90 days after cancellation, then permanently deleted. You can request immediate deletion at any time.
Can other organizations see my prototypes?
No. Row-level security policies enforce strict org isolation at the database level. There is no cross-org data access, even for VibeSharing staff. Admin access requires explicit authorization and is logged.
Is the connection between my editor and VibeSharing secure?
Yes. All API calls use HTTPS (TLS 1.2+). Deploy tokens are transmitted via Authorization headers and validated server-side on every request. MCP connections use the same auth layer.
Do you have a SOC 2 report?
VibeSharing itself is not yet SOC 2 certified, but our infrastructure providers (Vercel, Supabase, GitHub) all hold SOC 2 Type II certifications. We're evaluating SOC 2 certification as we scale.
Questions about security?
We're happy to walk through our security model with your team. Reach out anytime.