SafeAIScan
Terms Home
Privacy Policy
SafeAIScan  ·  Last updated: 24 May 2025  ·  Effective: 24 May 2025
Summary: We scan your code to find security issues. We do not store your code after scanning. We do not sell your data. You can delete your account and all associated data at any time by emailing privacy@safeaiscan.io.
Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Code and Scan Data
  4. Data Sharing
  5. Data Retention
  6. Security
  7. Cookies and Local Storage
  8. Your Rights (GDPR / CCPA)
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

We collect only what is necessary to provide and improve SafeAIScan.

Account information: When you register, we collect your email address, organisation name, and a bcrypt-hashed version of your password. We never store your plaintext password.

Usage data: We log the number of scans you perform, your plan tier, scan timestamps, and aggregate risk levels (HIGH / MEDIUM / LOW / NONE). We do not log the code you submit.

Technical data: We collect your IP address and User-Agent for rate limiting and security purposes. This data is not used for advertising.

Payment data: Payments are processed by PayPal. We store only a PayPal subscription or order ID. We never receive, process, or store your payment card number or full PayPal credentials.

2. How We Use Your Information

  • To operate SafeAIScan and deliver scan results to you
  • To enforce daily scan limits based on your plan
  • To send transactional emails (account confirmation, trial expiry reminder)
  • To detect and prevent fraud, abuse, and security threats
  • To improve detection patterns and AI analysis quality (using only aggregate, non-identifying data)
  • To provide customer support when you contact us

We do not use your data for advertising, behavioural profiling, or any purpose not listed above.

3. Code and Scan Data

Your code is never stored. Code submitted for scanning is processed entirely in memory and discarded immediately after the scan completes. It is never written to disk, logs, databases, or any persistent storage.

Scan metadata — risk level, finding count, severity distribution, and timestamp — is stored in your account history so you can review past scan summaries. This metadata does not contain any code or identified secret values.

For repository scans, we clone the repository into a temporary directory, scan it, then delete the clone immediately when the scan completes. We do not retain any copy of repository contents.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • Supabase: Database and authentication provider. Account data (email, hashed password, plan, usage counts) is stored in Supabase's infrastructure. Supabase is SOC 2 Type II certified.
  • PayPal: Payment processor. PayPal receives your payment details and returns a subscription or order ID. We do not receive your full payment details.
  • Hugging Face: AI analysis is run on Hugging Face Inference API. Only code snippets up to 1,500 characters are sent for AI enrichment; they are not retained by us after the API call.
  • Legal: We may disclose information if required by law, court order, or to protect our legal rights.

5. Data Retention

We retain your account data for as long as your account is active. Scan history metadata is retained for up to 12 months. Usage statistics are retained for 90 days.

You may request deletion of your account and all associated data at any time by emailing privacy@safeaiscan.io. We will process deletion requests within 30 days.

6. Security

  • All data in transit is encrypted using TLS 1.2 or higher
  • Passwords are hashed using bcrypt with a per-user salt
  • API keys are stored as SHA-256 hashes — we never store the raw key
  • All API endpoints require JWT authentication
  • Rate limiting is applied to every endpoint to prevent brute-force and abuse
  • Security headers (CSP, X-Frame-Options, X-Content-Type-Options) are set on all responses
  • Input validation and sanitisation is applied to all user-supplied data
  • High-entropy string detection prevents inadvertent secret exposure in scan results

Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it responsibly to security@safeaiscan.io.

7. Cookies and Local Storage

We use only functional browser localStorage entries necessary to operate the service. We do not use tracking cookies or third-party analytics.

  • access_token: Your JWT, stored in localStorage. Expires after 24 hours.
  • user_plan, is_pro, trial_active: Cached plan data to avoid unnecessary API calls. Refreshed on each login.
  • user_email: Cached for display purposes. Never transmitted without explicit user action.

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your account and associated data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your data
  • Withdraw consent: Withdraw any consent you have given at any time

To exercise any of these rights, email privacy@safeaiscan.io with the subject "Data Request". We will respond within 30 days.

California residents (CCPA): We do not sell personal information. You have the right to know what data we collect and to request deletion at no cost.

9. Children's Privacy

SafeAIScan is designed for professional and developer use and is not directed at anyone under 16. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact privacy@safeaiscan.io immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email or in-app notification where required. Continued use of SafeAIScan after changes constitutes acceptance of the updated policy.

11. Contact Us

  • Privacy requests: privacy@safeaiscan.io
  • Security issues: security@safeaiscan.io
  • General enquiries: hello@safeaiscan.io
© 2025 SafeAIScan. All rights reserved.
Terms of Service Home Enterprise