Privacy Policy

• Email: to send you the security report and manage your account.
• Audited server IP: to bind the token to the correct server.
• Audit results: configuration states (enabled/disabled, open ports, software versions). We do not collect file contents, passwords, or application data.
• Technical metadata: operating system, distribution, detected stack (Docker, Nginx, etc.).
• Anonymous analytics: essential cookies for authentication and preferences.

The audit agent is designed to send only check results, never sensitive data:

• No server file contents.
• No environment variable values.
• No passwords, API keys, or certificates.
• No database contents.
• No application source code.

All communication between the agent and our API is encrypted with HTTPS/TLS. Reports are stored in PostgreSQL with restricted access. Payment data is processed entirely through Stripe. We never store card details.

• Generate and send your security report.
• Manage your tokens and dashboard access.
• Process payments through Stripe.
• Improve the service based on aggregated, anonymous patterns.

We do not sell or share your personal information. We use these services to operate:

• Stripe: payment processing.
• Resend: transactional email delivery.
• Claude API (Anthropic): report generation in natural language. It only receives check results, never identifying server data beyond the IP.

If you are in the European Economic Area, you have the right to:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your account and associated data.
• Portability: export your data in a standard format.

We retain your data as long as your account is active. Reports are kept for 12 months from generation. When you delete your account, all personal data, tokens, and reports are permanently removed within 30 days.

For any privacy questions or to exercise your rights, email us at hello@securecodehq.com. We respond within 30 days.