Last updated May 20, 2026
1.Infrastructure
All traffic is encrypted in transit (TLS 1.2+) and all customer data at rest (AES-256).
Production runs in SOC 2-audited cloud regions with isolated networks, least-privilege access, and hardware-key MFA for all staff.
2.Application security
Every release passes static analysis and dependency scanning; external penetration tests run twice a year.
Workspace data is tenant-isolated at the query layer. Private plugins execute in sandboxed workers with no cross-workspace access.
3.AI-specific controls
Prompts and outputs are encrypted like all other content and excluded from shared model training by default.
Enterprise model routing keeps inference inside approved providers, with full request audit logs.
4.Disclosure
We run a coordinated disclosure program. Report issues to security@vibely.ai — we acknowledge within 24 hours and don't pursue good-faith research.
Questions about this document? Write to legal@vibely.ai — we answer legal mail like support mail: quickly and in plain language.