Last updated: May 17, 2026
Summary: The DevSecOps Maturity Calculator processes all your assessment responses locally in your browser. We never transmit, store, or sell your assessment data. The only third-party service we use is Google Analytics for anonymous usage statistics.
The DevSecOps Maturity Calculator is operated by Vibehack (vibehack.dev). We build free, browser-based security tools for the cybersecurity community. For privacy-related questions, contact us at [email protected].
All maturity assessment responses, scores, and generated reports are processed entirely within your browser using JavaScript. No assessment data is ever transmitted to our servers, stored in any database, or shared with any third party. When you close or refresh the page, your responses are gone.
The 2026 edition includes an AI & LLM Security domain. As with all other domains, your responses to AI security questions are processed locally and never leave your device.
We use Google Analytics 4 to collect anonymous, aggregated usage data including page views, session duration, and general geographic region (country level only). We do not collect IP addresses in full, and all data is subject to Google's data minimization features. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.
We use a limited set of cookies:
The anonymous analytics data we collect is used solely to:
We never use data for advertising, profiling, or commercial purposes beyond operating this free tool.
We do not sell, rent, or share any personal data. Anonymous analytics data flows to Google Analytics under their standard data processing terms. We do not share data with any other third parties. The site is hosted on Cloudflare Pages; Cloudflare may process server access logs as part of standard CDN operations, subject to Cloudflare's Privacy Policy.
If you are located in the EU or UK, you have the following rights under GDPR / UK GDPR:
Because we do not collect personal data through the assessment itself, most of these rights apply only to analytics data processed by Google. You can exercise analytics-related rights by using Google's opt-out tools or by contacting us at [email protected].
California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact [email protected].
Analytics data retained by Google Analytics is subject to a data retention period of 14 months, after which it is automatically deleted. We do not retain any other personal data. Assessment data is never stored — it is discarded when you close your browser tab.
This tool is intended for security professionals and is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate action.
Analytics data may be transferred to and processed in the United States by Google LLC. Google relies on Standard Contractual Clauses (SCCs) for transfers from the EU. The site is distributed globally via Cloudflare's CDN network. By using this tool, you consent to these transfers as described in this policy.
We take reasonable technical measures to protect the integrity of this site, including HTTPS enforcement, strict security headers, and Content Security Policy (CSP). Since no assessment data is ever transmitted to a server, there is no server-side database that could be compromised.
We may update this policy to reflect changes in our practices or applicable law. Material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
For any questions about this privacy policy or your data rights: