Data controls
Last updated July 2026
What Unvibe keeps, where it lives, and how you stay in control. Private code contents are never written to analytics or application logs, and secrets are filtered on-device before any transmission.
What is stored and where
- Learning events (reviews, outcomes, concepts, streaks) live on your device and, if you are signed in, sync to our backend. Removed immediately from primary storage when you delete them or your account.
- Account data (email, tokens) is stored on the backend until you delete your account; tokens are revoked on sign-out or deletion.
- Your auth token is stored locally in the operating system keychain, encrypted at rest.
- Code sent for a review is transmitted to the AI provider to generate the explanation. We do not persist raw reviewed code beyond generating that explanation; the provider's own retention governs their side.
Retention
Learning and account data are kept until you remove them, then deleted immediately from primary storage. Encrypted backups may persist for a short rotation window before aging out. Analytics logs are metadata only and exclude the contents of your code.
Exclusions and consent
Cloud analysis is off until you grant consent per repository, and you can preview exactly what would be sent first. Default exclusions cover .env files, keys, node_modules, and build output, and you can add your own rules in a .unvibeignore file.
Access, export, and deletion
You can access and export your data, and you can delete your account to remove it from your device and our servers. If you never created an account, your data only ever lived on your Mac. Depending on where you live, you may have additional rights under laws such as GDPR or CCPA.
No training on your code
We use a provider configuration that does not train on submitted data, and we do not train models on your private code.