SourceHat

Privacy Policy

Last updated: May 2026

1. Information We Collect

Account information: Email address, name, and profile picture (via GitHub OAuth).

Payment information: Processed by Stripe and Coinbase Commerce — we do not store card numbers or wallet addresses.

Source code: Code submitted for scanning via upload or GitHub integration.

Usage data: Scan history, API usage, and feature interactions.

2. How We Use Your Information

We use your information to: provide the scanning service, process payments, send scan status notifications, improve scan accuracy and tool quality, and communicate about your account or service updates.

3. Source Code Retention

Source code submitted for scanning is retained in encrypted storage for up to one year. This data is used solely to improve the accuracy of our scanning tools. Retained source code is not shared with third parties. You may request deletion of your archived source code at any time by contacting us or using the DELETE /api/v1/scans/:id/data API endpoint.

4. Data Security

Scans run in isolated, ephemeral Docker containers. Source code is encrypted at rest. All data in transit is encrypted via TLS. API keys are stored as SHA-256 hashes.

5. Third-Party Services

We use the following third-party services: Stripe (payment processing), Coinbase Commerce (cryptocurrency payments), GitHub (OAuth and repository access), Resend (email delivery), and Sentry (error monitoring). Each service has its own privacy policy governing the data it processes.

6. Cookies

We use session cookies for authentication. We do not use tracking cookies or third-party analytics.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. You may delete your archived source code via the API. You may close your account at any time.

8. Contact

For privacy-related questions, contact us at support@sourcehat.com.