Vibeland
All articles
Security2026-03-104 min read

How Your Data Is Protected in AI-Generated Apps

Understanding data privacy, storage, and security in Vibeland. Your data stays yours.

Your Data, Your Control

When you create an app with AI and start using it — adding todos, tracking expenses, logging workouts — where does that data go? How is it protected?

Here's a transparent look at how data works in Vibeland.

Where Your Data Lives

All user data is stored in a PostgreSQL database hosted on Supabase's infrastructure. Your data is:

  • Encrypted at rest — stored in encrypted form on the server
  • Encrypted in transit — all connections use TLS/HTTPS
  • Isolated by user — Row Level Security (RLS) ensures you can only access your own data
  • Backed up continuously — Point-in-Time Recovery (PITR) enables restoration to any point

    • What the AI Sees

    When you create an app, the AI receives:

  • Your prompt (description of what you want)
  • Your language preference
  • The current canvas context (what other apps exist)

    • The AI does not receive:

  • Data you've entered into existing apps
  • Your personal information
  • Your browsing history
  • Data from other users' apps

    • What Happens When You Share

    When you share an app via link:

  • The app's code and design are accessible to anyone with the link
  • Each user's data is separate — your todo items stay yours
  • For collaborative apps, shared data is visible to all participants
  • Visitors cannot access your other apps or personal data

    • Authentication & Security

  • No passwords stored — authentication uses secure token-based flows
  • httpOnly cookies — session tokens are not accessible to JavaScript
  • CSRF protection — all state-changing requests are verified
  • Content Security Policy — strict CSP prevents code injection
  • Rate limiting — API abuse is blocked automatically

    • AI-Generated Code Safety

    Apps generated by AI run in a sandboxed environment:

  • No access to your authentication tokens
  • No access to other users' data
  • No ability to make unauthorized API calls
  • localStorage and sessionStorage are blocked
  • All external requests go through a secure proxy

    • Your Rights

  • Export — download all your data at any time
  • Delete — delete individual apps, canvases, or your entire account
  • Portability — your data is in standard formats (JSON)

    • Third-Party Services

    Vibeland uses these third-party services:

  • Supabase — database and authentication (EU/US servers)
  • Vercel — application hosting (global CDN)
  • OpenAI / Anthropic / Google — AI model providers (prompts only, not your app data)

    • AI providers receive only the generation prompt, never your stored data.

    Summary

    Your app data is encrypted, isolated, and backed up. AI never sees your personal data. Shared apps keep each user's data separate. You can export or delete everything at any time.

    We believe privacy isn't a feature — it's a right.

    AI Apps for Educators: Custom Tools for Every ClassroomWhy Mobile-First Design Matters for AI-Generated Apps

    What's been bugging you?

    You don't need to imagine an app. Just name the pain and we'll build the fix.

    Tell us