Last updated: 10 March 2026 · This is a temporary policy for the MVP phase. A full policy will follow before commercial launch.
Vibe Architect is operated as an independent product. For data-related enquiries, contact us at support@kozo.one.
When you upload a codebase for scanning, we extract and process metadata only. This includes:
We never process, store, or transmit your source code.
Your actual code contents are read locally in your browser and discarded immediately. Only the extracted metadata is sent to our servers.
All server-side processing takes place exclusively on infrastructure located in Frankfurt, Germany (EU), operated via Vercel and Supabase. Your metadata does not leave the EU except as described in Section 4.
Extracted metadata (not source code) is passed to Claude (Anthropic) to generate your debt score, refactor roadmap, and AI constitution. Anthropic may process this data on servers located in the United States under standard contractual clauses (SCCs) in accordance with GDPR Article 46. No personally identifiable code, credentials, or source content is included in these requests.
Scan metadata and generated constitutions are retained for 90 days from the date of creation, after which they are automatically and permanently deleted. You may delete any scan or constitution from your account at any time before that date.
As a data subject under the GDPR, you have the right to:
To exercise any of these rights, contact support@kozo.one. We will respond within 30 days.
We use essential cookies only — specifically the session cookie required to keep you logged in. We do not use tracking cookies, advertising cookies, or any third-party analytics that set cookies without your explicit consent.
This is a temporary privacy policy for the MVP phase. A full, legally reviewed policy will replace it before any commercial launch. We will notify users of material changes via email at least 14 days before they take effect.
Questions? Email support@kozo.one