Privacy Policy

Last updated: 1 February 2025

This privacy policy explains how Further Forward Innovation Ltd ("we", "us", "our"), trading as Vibe Code Audit, collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

Information you provide directly

  • Contact information: name, email address, and company name when you submit our contact form or correspond with us.
  • Payment information: billing details processed securely through Stripe. We do not store credit card numbers on our servers.
  • Code and project data: source code and repository access you provide for the purpose of a security audit.
  • Communications: emails, messages, and any other correspondence you send to us.

Information collected automatically

  • Usage data: pages visited, time spent on pages, referring URLs, and other standard web analytics data.
  • Device information: browser type, operating system, and screen resolution.
  • IP address: collected for security purposes and analytics, anonymised where possible.

2. How We Use Your Information

We use the information we collect to:

  • Provide our security audit services and deliver reports.
  • Process payments and send order confirmations.
  • Respond to your enquiries and provide customer support.
  • Send service-related communications (audit progress, report delivery).
  • Improve our website and services through analytics.
  • Comply with legal obligations.

Our lawful bases for processing under UK GDPR are: performance of a contract (when we provide audit services), legitimate interests (website analytics and service improvement), and consent (where applicable, such as marketing communications).

3. Code Handling

Given the sensitive nature of source code, we apply strict data handling procedures specific to our audit service:

  • Access: Your code is accessed only by the security engineer assigned to your audit. No other team members or third parties have access.
  • Storage: Code is stored in encrypted storage during the audit period only. Repository access is read-only.
  • Deletion: All copies of your code, working notes, and intermediate files are permanently deleted within 30 days of report delivery. We can provide written confirmation of deletion on request.
  • No reuse: Your code is never used for training, benchmarking, demonstrations, or any purpose other than delivering your audit report.
  • NDA: We are happy to sign a custom non-disclosure agreement before you share any code. Contact us to arrange this.

4. Cookies

We use the following types of cookies:

  • Essential cookies: Required for the website to function properly (session management, security).
  • Analytics cookies: Help us understand how visitors use our site. We use privacy-focused analytics that do not track individual users across sites.
  • Payment cookies: Set by Stripe during the checkout process to facilitate secure payment.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our website.

5. Data Retention

  • Source code: Deleted within 30 days of report delivery.
  • Audit reports: Retained for 12 months to support follow-up queries, then deleted unless you request otherwise.
  • Contact information: Retained for as long as necessary to provide our services and respond to enquiries, or until you request deletion.
  • Payment records: Retained for 7 years in accordance with UK tax and accounting requirements.
  • Analytics data: Retained in anonymised form for up to 26 months.

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: For payment processing. See Stripe's privacy policy.
  • Email service provider: For transactional emails (order confirmations, report delivery).
  • Analytics provider: For website analytics, using anonymised data only.

All third-party processors are UK- or EU-based, or operate under appropriate safeguards for international data transfers.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Restriction: Request that we limit how we use your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Object: Object to our processing of your data where we rely on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@vibecodeaudits.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us:

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.