Migration assurance
Privacy policy
This policy explains what is processed during a scan and what the service deliberately does not retain.
Operator and contact
The production operator, jurisdiction and privacy contact are published here. Values marked TO_BE_CONFIGURED must be replaced with the real legal identity before public paid launch.
| Field | Value |
|---|---|
| Legal operator | TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| Address | TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| Jurisdiction | TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| Effective date | TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| Support contact | support@your-domain.example |
| Security contact | security@your-domain.example |
| Legal contact | legal@your-domain.example |
| Privacy contact | privacy@your-domain.example |
What we process
We process source, configuration or sample text submitted by paste or ZIP in order to produce findings. A static scan does not require Amazon credentials or an account.
What we store
The report stores findings, typed evidence, file paths where applicable, ruleset metadata and counts for the access period attached to the purchased product: 30 days for Single, 90 days for Bundle and 180 days for each Agency beta project after its first paid scan or unlock. Agency credits expire 180 days after purchase, no new project may be created after credit expiration, and Agency stored report data expires no later than 365 days after pack purchase. Free preview report access is 30 days. Source is not retained; the uploaded ZIP and full submitted source are not persisted.
Secrets and analytics
Possible secret values are masked. Files named .env commonly contain credentials; prefer .env.example or redact all secrets before upload. Pasted text goes through a browser preflight before it is submitted; uploaded files are received into isolated transient processing and scanned server-side before report persistence. Secret preflight blocks private keys, LWA client secrets, AWS keys, OAuth tokens, database URLs and password assignments before a report is saved. Product analytics, when enabled, excludes source, filenames, file paths, snippets, emails, order IDs, report tokens and raw errors.
Your choices
Reports expire and can be deleted using their private access link. Account-lite data can also be deleted. Privacy rights requests should be sent to the privacy contact with enough information to identify the report or purchase, but never the private access token.
Subprocessors and international data handling
Paid launch requires the configured hosting/storage, email and payment processors to be published. Until those fields are final, this policy is suitable for staging/private beta, not production paid launch.
| Area | Provider |
|---|---|
| Payment processor | Paddle |
| Hosting/storage | Production hosting/storage vendor TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| Email delivery | Production email vendor TO_BE_CONFIGURED_BEFORE_PAID_LAUNCH |
| International handling | Data may be processed where the configured hosting, payment and email subprocessors operate; final production subprocessors must be published before paid launch. |
Last reviewed: 2026-07-02.