Privacy Policy

1. Introduction

Welcome to SecureCode ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-layered AI security scanning service, including Semgrep, Scout AI, Juror AI, and Fixer features.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and email address (for account management)
• Payment information (processed securely through third-party processors)
• Account credentials
• Company name and role (optional)

2.2 Code and Technical Information

When you use our service, our multi-stage pipeline processes specific data:

• Code Snippets: Code you explicitly select for scanning or fixing is processed by our Semgrep (static analysis), Scout AI (pattern finding), and Juror AI (verification) layers.
• Fix Requests: When you use "Fixer", we process the vulnerable code block to generate adversarial test cases and secure patches.
• Scan Results: We store the metadata of vulnerabilities (type, line number, confidence score) to display your dashboard.
• Usage Metrics: False positive rates and verification outcomes (used to calibrate our confidence scores).
• Device information, IP addresses, and VS Code extension telemetry.

2.3 Automatically Collected Information

We automatically collect certain information, including:

• Log data (access times, pages viewed, IP address)
• Cookies and similar tracking technologies
• Performance and diagnostic data

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing our security scanning service (running Semgrep, Scout, Juror, and Fixer pipelines)
• Processing transactions and managing Pro/Team subscriptions
• Calibrating our confidence scoring algorithms (using non-identifiable aggregate data)
• Sending service updates, security alerts, and support messages
• Detecting and preventing abuse of our API limits
• Complying with legal obligations

4. Code Privacy and AI Security

We treat your code as sensitive intellectual property. Our AI interactions are governed by strict policies:

• Ephemeral Processing: Code sent to Scout AI and Juror AI is processed in memory and discared after analysis. It is NOT retained for model training.
• No Training on User Code: We do NOT use your code snippets to train our foundation models (e.g., Claude, GPT) or our internal classifiers.
• Encryption: All data, including code snippets and generated fixes, is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Adversarial Testing Data: Test cases generated by the Fixer are transient and exist only for the duration of the validation process.
• Access Controls: Strict role-based access controls limit internal access to system logs.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: Third-party vendors who assist in providing our services (e.g., payment processors, cloud hosting)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

6. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Code submissions are typically deleted within 30 days unless saved to your account. You may request deletion of your data at any time by contacting us.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Request restriction of processing in certain circumstances

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze site traffic and usage patterns
• Personalize your experience
• Improve our services

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Security Measures

We implement industry-standard security measures to protect your information:

• End-to-end encryption for data transmission
• Secure data storage with encryption at rest
• Regular security audits and penetration testing
• Multi-factor authentication options
• Employee training on data protection
• Incident response procedures

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: