Skip to content

Legal

Security

Security posture, in plain language. For our full security packet or to report a vulnerability, contact security@vibely.ai.

Last updated May 20, 2026

1.Infrastructure

All traffic is encrypted in transit (TLS 1.2+) and all customer data at rest (AES-256).

Production runs in SOC 2-audited cloud regions with isolated networks, least-privilege access, and hardware-key MFA for all staff.

2.Application security

Every release passes static analysis and dependency scanning; external penetration tests run twice a year.

Workspace data is tenant-isolated at the query layer. Private plugins execute in sandboxed workers with no cross-workspace access.

3.AI-specific controls

Prompts and outputs are encrypted like all other content and excluded from shared model training by default.

Enterprise model routing keeps inference inside approved providers, with full request audit logs.

4.Disclosure

We run a coordinated disclosure program. Report issues to security@vibely.ai — we acknowledge within 24 hours and don't pursue good-faith research.

Questions about this document? Write to legal@vibely.ai — we answer legal mail like support mail: quickly and in plain language.

Paperwork read. Canvas awaits.

Free plan · No credit card · Exports you own