🔒 Privacy First
Privacy Policy
How VullScanny protects your data
⚡ TL;DR
- Zero Storage: Your code is never stored on our servers
- Temporary Access: OAuth tokens are session-only
- Real-time Scanning: All analysis happens in memory
- Read-Only: We only request read access to repositories
1. What We Collect
GitHub Profile Information:
- Username
- Email address
- Profile picture
- Repository list (names only)
During Scans:
- package.json contents (to detect React)
- Source file contents (analyzed in memory)
- Scan results (temporarily, for display)
2. What We DON'T Store
- ❌ Your source code
- ❌ Repository contents
- ❌ GitHub access tokens (beyond session)
- ❌ Scan results (cleared on logout)
- ❌ Personal files or documents
- ❌ Any sensitive information
3. How We Use Data
We use collected data only for:
- Authenticating your GitHub account
- Fetching your repository list
- Scanning selected repositories for vulnerabilities
- Displaying scan results to you
- Generating AI-powered fix suggestions
All processing happens in real-time. Nothing is saved to disk.
4. Third-Party Services
We use the following services:
- GitHub API: For authentication and repository access
- AI Services: For vulnerability analysis (code snippets only, not full files)
These services have their own privacy policies. We send only the minimal data required for functionality.
5. Data Security
- All connections use HTTPS encryption
- Tokens are stored in secure, HTTP-only cookies
- Session data expires after logout
- No persistent storage of sensitive information
- Regular security audits of our codebase
6. Your Rights
You have the right to:
- Disconnect your GitHub account at any time
- Revoke access via GitHub settings
- Request deletion of any stored data (minimal as it is)
- Know exactly what data we process
7. Contact
Questions about privacy? Contact us at: contact@sdad.pro
Last Updated: December 15, 2025