What we keep,
where, and why.

For the free Chrome extension: nothing. No account, no telemetry, no analytics. The extension runs entirely in your browser.

For the marketing site (vaultbix.com): a privacy-first analytics tool (Plausible) that records anonymous page views. No cookies, no fingerprinting, no IP logging.

If you email founders@vaultbix.com: we keep your email and the contents of your message. Standard email.

All detection happens locally in your browser. Your prompts never reach our servers because we don’t have detection servers.

The optional team tier (in design) syncs incident metadata to a backend. We only sync SHA-256 hashes of detected patterns, never the raw secret values. You can audit this in the open-source repo.

A tool that protects secrets has to be auditable. If we sent your prompts anywhere, you should not trust us. So we don’t.

VaultBix is provided as-is, under the MIT license for the open-source extension. We make a best effort to detect leaks but make no guarantees. You are still responsible for your own secret hygiene.

Don’t use VaultBix to do anything illegal. That’s about it.