Cyber-Guardian AI collects the minimum data needed to provide security scan results and protect the service from abuse.
Code submitted for scanning: processed for security analysis and may be sent to a third-party AI provider.
Scan metadata: scope, status, score, threat count, short threat summaries, timestamps, and one-way hashes used for caching and quota enforcement.
IP-derived usage keys: IP addresses are hashed before being stored for rate limiting and quota windows.
Email address: collected only if you subscribe to updates.
Payment information: handled by a payment provider if paid plans are enabled. We do not store card numbers.
2. Submitted Code
Do not submit code unless you have permission to analyze it. Avoid pasting production secrets, private keys, customer data, or highly confidential source code.
Submitted code may be sent to a third-party AI provider for analysis. Cyber-Guardian does not intentionally store full submitted code in the database. The server may temporarily process the code in memory and may cache a one-way hash for duplicate-scan caching.
3. What We Do Not Do
We do not sell personal data.
We do not use third-party advertising trackers.
We do not execute submitted code. Scans are static/AI-assisted analysis only.
4. How We Use Data
Provide scan verdicts, threat summaries, and recommendations.
Prevent abuse through rate limits, monthly quota, and global daily caps.
Generate aggregate scan statistics shown on the dashboard.
Improve detection quality and operational reliability.
5. Third-Party Providers
The service currently uses:
Third-party AI provider: AI-powered code analysis. The current provider may include Anthropic. See anthropic.com/privacy.
Vercel: hosting and serverless request processing.
Supabase: database storage for quotas, scan statistics, and dashboard data.
6. Data Retention
Submitted scan code: processed transiently and not intentionally stored by Cyber-Guardian.
In-memory scan cache: up to 1 hour.
Usage windows: expire automatically based on minute, hour, day, and monthly quota windows.
Aggregate scan metadata: retained for dashboard and service analytics.
Subscriber emails: retained until unsubscribe or deletion request.
7. Local Storage
The site may use browser local storage for language preference and client-side quota display. Server-side quota is enforced separately in Supabase.
8. Your Rights
Depending on your location, you may request access, correction, deletion, portability, or objection to processing. Contact the project operator through the contact channel listed on the site or repository.
9. Children
The service is not directed to children under 13. We do not knowingly collect data from minors.
10. Changes
If this policy changes, the updated version will be posted here with a new date.