Privacy Policy

Last updated: 6 June 2026

VibeMark is built to read and review documents, not to track people.

What we collect

VibeMark has no analytics, no accounts, no tracking, and no advertising.

By default, we do not receive your documents or review notes. Files you open stay on your device, and Review mode comments/source edits are stored locally unless you explicitly share or sync them.

If you choose to use Review Sync with a configured bridge, the bridge stores the review-session data needed to make that feature work: tokenized session links, document context, review comments, source-edit proposals, author role/display name, item status, and sync timestamps. Source-edit proposals can include before/after source text. This data is used only to sync feedback between reviewers and to let Codex fetch pending review items after you configure the VibeMark bridge. It is not used for ads, analytics, or tracking.

Where your documents live

• Files you open or import are stored locally on your device only.
• Review comments and source edits you create in Review mode are stored locally by default. When you choose Send to Codex, the app creates a local/shareable .reader-review.json handoff packet. When you explicitly create a Review Sync session, comments and source edits are uploaded to the review sync server URL you configured, which may be a local bridge, a trusted tunnel, or a hosted Worker bridge. Synced review items include the local display name you enter for that review. Review Sync links contain session tokens; only share them with people who should access that review.
• Documents render on-device. In the default “Safe Read” mode, remote content (images, scripts, fonts referenced by a document) is blocked — nothing is fetched from the internet unless you explicitly choose “Run this document”.
• If you connect a GitHub repository, requests go directly from your device to GitHub to list and fetch the files you choose. Any access token you provide is stored in the device Keychain and is sent only to GitHub. We never see it.

Third parties

None by default. The only network requests the app can make are: (1) loading remote content you explicitly approve per document, (2) GitHub API calls you initiate by adding a repository, and (3) Review Sync requests to the server URL you configured. If you share a .reader-review.json packet with Codex, ChatGPT, Files, AirDrop, or another app, that sharing is initiated by you through the system share sheet.

Access and deletion

You can delete local documents, comments, and source edits in the app. When a synced review item is deleted while its session is still configured, VibeMark also asks the bridge to delete that item. Review Sync sessions are token-link based, so treat owner, reviewer, and read links like private collaboration links.

Contact

Questions: [email protected]

Deleting the app removes its local data from your device. For hosted Review Sync data questions, contact us with the review-session link or session id you want us to inspect or remove.