Vibe Toolbox
Start trial

Privacy

Local-first data boundary.

Last updated 2026-05-13. The default posture is local-first. Anything that leaves the device is opt-in or required for paid features.

Local-first by design

Your repo stays local. The cloud handles accounts, not your source.

Vibe Toolbox runs agent CLIs locally, stores project and session state in a local SQLite database, and only talks to the cloud for what the cloud should actually do.

On your machine

  • desktop app + daemon
  • local SQLite store
  • agent CLIs (Codex, Claude)
  • local repos + worktrees
  • prompts · diffs · terminal output

Vibe Toolbox Cloud

  • account + GitHub identity
  • signed entitlement (Stripe)
  • release access
  • hosted team relay (planned)
  • opt-in diagnostics
default boundary: source code, prompts, diffs, terminal output, and model responses never leave the device.

What stays on your machine

  • Project files and worktrees
  • Prompts and model output
  • Execution diffs and checkpoint commits
  • Terminal, test, browser, and Playwright output
  • Audit events, todos, rules, and MCP capability data

What the cloud touches

  • Email + GitHub identity for sign-in
  • Stripe subscription + signed entitlement
  • Up to 3 device activations + offline grace
  • Hosted relay (only when paid Team ships)
  • Diagnostics — only when you export them
windows-first · signed updater

Details

What we store, where, and why.

Local-only data

  • · Project files, worktrees, and base-branch metadata
  • · Prompts, model output, structured agent events
  • · Execution diffs, prompt markers, checkpoint commits
  • · Terminal output, test runs, browser + Playwright artifacts
  • · MCP capability data, hooks, rules, audit entries
  • · Recovery checkpoints and resume identifiers

storage location: per-project SQLite owned by the local daemon.

Cloud-touched data

  • · Email + GitHub identity (sign-in)
  • · Stripe customer ID + subscription status
  • · Signed entitlement issued to the local daemon
  • · Device activation records (up to 3 per account)
  • · Release feed metadata (which version is available)
  • · Support diagnostics — only when you choose to send them

processors: Supabase (identity, entitlement), Stripe (billing).

Diagnostics export

The app can produce a sanitized diagnostics bundle on demand. It is generated locally, you preview the contents, and you decide whether to attach it to a support thread. Nothing is sent automatically. We do not collect telemetry on prompts, diffs, or terminal output.

Hosted Team (planned)

When paid Team launches, the hosted relay will broker session presence and read-only views between teammates. The relay does not store source code. Session payloads transit only when a team member explicitly opens a shared session. Sharing boundaries are explicit and revocable.

Subprocessors

GitHub (OAuth identity), Stripe (billing + entitlement signing), Supabase (account database, edge functions). Vibe Toolbox does not send your source code to any of them.

Contact

Questions, data requests, or deletion requests:
[email protected]