We collect only what is necessary to provide and improve SafeAIScan.
Account information: When you register, we collect your email address, organisation name, and a bcrypt-hashed version of your password. We never store your plaintext password.
Usage data: We log the number of scans you perform, your plan tier, scan timestamps, and aggregate risk levels (HIGH / MEDIUM / LOW / NONE). We do not log the code you submit.
Technical data: We collect your IP address and User-Agent for rate limiting and security purposes. This data is not used for advertising.
Payment data: Payments are processed by PayPal. We store only a PayPal subscription or order ID. We never receive, process, or store your payment card number or full PayPal credentials.
We do not use your data for advertising, behavioural profiling, or any purpose not listed above.
Scan metadata — risk level, finding count, severity distribution, and timestamp — is stored in your account history so you can review past scan summaries. This metadata does not contain any code or identified secret values.
For repository scans, we clone the repository into a temporary directory, scan it, then delete the clone immediately when the scan completes. We do not retain any copy of repository contents.
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
We retain your account data for as long as your account is active. Scan history metadata is retained for up to 12 months. Usage statistics are retained for 90 days.
You may request deletion of your account and all associated data at any time by emailing privacy@safeaiscan.io. We will process deletion requests within 30 days.
Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it responsibly to security@safeaiscan.io.
We use only functional browser localStorage entries necessary to operate the service. We do not use tracking cookies or third-party analytics.
We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, email privacy@safeaiscan.io with the subject "Data Request". We will respond within 30 days.
California residents (CCPA): We do not sell personal information. You have the right to know what data we collect and to request deletion at no cost.
SafeAIScan is designed for professional and developer use and is not directed at anyone under 16. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact privacy@safeaiscan.io immediately.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email or in-app notification where required. Continued use of SafeAIScan after changes constitutes acceptance of the updated policy.