VibeFrame Privacy Policy

This policy covers the VibeFrame CLI (@vibeframe/cli), the VibeFrame MCP server (@vibeframe/mcp-server), and the VibeFrame Claude Desktop extension. The canonical source lives in the repository as PRIVACY.md.

Summary

VibeFrame is a local-first tool. It collects no telemetry, runs on your machine, and only sends data to AI providers you configure and invoke.

Data we collect

None. VibeFrame has no analytics, crash reporting, or usage tracking. No data is sent to VibeFrame's maintainers or any VibeFrame-operated server.

Where your content lives

• Projects, storyboards, generated audio/images/video, and render outputs are written only to the workspace folder you choose on your own machine.
• Job records, caches, and configuration live inside that workspace (or standard local cache directories, e.g. the Hugging Face cache for the optional local Kokoro TTS model).
• Retention is under your control: deleting the workspace deletes the data.

Third-party AI providers

When you explicitly run a generation or AI-assisted operation, the relevant content (narration text, image prompts, media to transcribe or review) is sent to the provider you configured for that operation — depending on the keys you supply: Anthropic, OpenAI, Google (Gemini), ElevenLabs, Replicate, fal, Runway, Kling, or xAI. Each provider processes that data under its own privacy policy:

• Anthropic
• OpenAI
• Google
• ElevenLabs

Operations that do not name a provider (timeline editing, ffmpeg-based edits, scene linting, rendering, local Kokoro TTS) run fully locally and send nothing anywhere. Tool annotations in the MCP manifest mark which tools reach external services (openWorldHint).

API keys

API keys are supplied by you — via the Desktop extension's settings, a local .env file in your workspace, or environment variables. They are stored only on your machine, sent only to the corresponding provider to authenticate your own requests, and never transmitted to VibeFrame's maintainers.

Data sharing and selling

VibeFrame does not share, sell, or transfer your data to anyone. There are no VibeFrame servers in the data path.

About the vibeframe.ai website

This marketing website (not the CLI, MCP server, or extension) uses Google Analytics for aggregate page-view statistics, subject to Google's privacy policy. The tools themselves contain no analytics.

Children's privacy

VibeFrame is a developer tool and is not directed at children under 13.

Contact

• Issues and questions: github.com/vericontext/vibeframe/issues
• Security reports: security@vibeframe.dev