We don't profile you.
Vibestrate is an open-source educational project run by volunteers. We do not sell anything, do not run ad networks, do not build user profiles, and do not have customers. We collect only the minimum aggregate analytics needed to know whether anyone is using the site.
Analytics on this site
This site uses Cloudflare Web Analytics - a privacy-respecting, cookieless analytics service that runs at the network edge.
What it records:
- Aggregate page views per URL and per day.
- Country-level geography (no city, no IP retention).
- Referrer (the site you came from) and browser/device family.
What it does not record:
- No cookies - nothing is stored on your device.
- No persistent identifier - visits cannot be linked to each other or to you.
- No fingerprinting.
- No cross-site tracking.
Cloudflare's privacy policy: cloudflare.com/privacypolicy. To block analytics entirely, a tracker-blocker extension (uBlock Origin, Privacy Badger) handles this automatically - we won't try to evade it.
What else this site uses
- No third-party fonts - fonts are self-hosted (Geist, Geist Mono, Bricolage Grotesque) from this domain.
- No advertising or marketing scripts. No Google Tag Manager, no Facebook Pixel, no LinkedIn Insight, no Hotjar, no anything.
- No forms, no email capture, no signup wall, no chat widget.
What our host (Cloudflare) sees
Cloudflare serves this site and routes traffic. Cloudflare's edge observes connection metadata required to deliver any website: your IP address, the URL you requested, your User-Agent header, and timing. This is true of every website on the internet.
We do not have access to Cloudflare's raw logs.
The Vibestrate software
The Vibestrate daemon, CLI, and Mission Control UI run entirely on your machine. The software:
- Does not phone home. No telemetry, no version-check beacon, no usage stats.
- Does not require an account. There is no Vibestrate login.
- Does not proxy your code, prompts, or model outputs through any third-party service.
- Connects only to the AI model providers you explicitly configure, using your own API keys. Those vendors' privacy policies apply to that traffic, not ours.
Your credentials and usage never leave your machine
This deserves to be its own section because it's the most common concern. Vibestrate's architecture makes a few hard guarantees:
- Your API keys never touch us. Vibestrate does not store, request, or transmit your Anthropic / OpenAI / Google / vendor credentials. Those keys live in the respective vendor CLIs (claude, codex, gemini, ollama) - the same place they already lived before you installed Vibestrate. Vibestrate just spawns those CLIs as child processes and reads their stdout.
- No model proxy. Your prompts and the model's responses travel directly between your installed CLI and the vendor's servers. Vibestrate is not in the middle. We do not see, log, store, or forward a single byte of your code, prompts, or model output.
- The ledger is an estimate, computed locally. Token counts, cost figures, durations, and per-model breakdowns shown in Mission Control are computed on your machine from the CLI output (token counters the vendor CLI prints, model-pricing tables Vibestrate ships). They are approximations for your own budgeting - not authoritative billing data. The vendor's dashboard is the source of truth for what you actually owe.
- No usage telemetry, ever. Your ledger entries are saved to a local SQLite file in your Vibestrate data directory. They are not synced, uploaded, or aggregated to any server. We do not know who runs Vibestrate, how often, on what models, or at what cost. We cannot - there is no callback URL anywhere in the codebase that would let us.
All of the above is auditable: the source is public. Search the repo for fetch(, https://, or any network call. The only outbound traffic from Vibestrate itself is to localhost sockets and to the version-check endpoint of npm / brew when you install (handled by your package manager, not us).
Your rights, plainly
Because we do not collect identifying data on this site, there is no record of you specifically that we could access, correct, port, or delete. If you have a question or concern, the best place to raise it is a GitHub Discussion on the main repository.
Changes
If we ever start collecting any additional data (for example, an opt-in mailing list), we will update this page and announce the change in the project changelog before doing so.
