Privacy Policy
Last updated: February 12, 2026
1. Information We Collect
When you use ValidGen, we collect:
- Account info: Your GitHub username, email address, and avatar provided via GitHub OAuth.
- Scan metadata: Repository URLs, scan timestamps, vibe scores, findings count, and the security findings JSON.
- Billing info: Payment data is processed by our payment provider (Dodo Payments). We store only subscription IDs and plan tier — never card numbers.
2. What We Do NOT Collect
We never store your source code. Repositories are cloned into a temporary directory, scanned in an isolated Docker container, and immediately deleted after the scan completes. Only the findings metadata is retained.
3. How We Use Your Information
- To provide and improve the security scanning service.
- To authenticate your identity and manage your account.
- To enforce rate limits and prevent abuse.
- To send transactional emails (scan results, billing receipts) — never marketing spam.
4. GitHub OAuth Token
If you grant access to private repositories, your GitHub OAuth token is encrypted at rest using AES-256 encryption and stored only for the duration needed to clone and scan your repo. You can revoke access at any time from your GitHub settings.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties, except:
- With payment processors to handle billing.
- When required by law or to protect our legal rights.
- With infrastructure providers (hosting, database) necessary to operate the Service.
6. Data Security
We use industry-standard security measures including encrypted connections (TLS), encrypted token storage, isolated scanning containers, and Row Level Security (RLS) on our database to ensure users can only access their own data.
7. Data Retention
Scan results are retained indefinitely for your reference. If you delete your account, all associated scan data is permanently removed within 30 days. Source code is never retained past the scan duration.
8. Cookies
We use essential cookies for authentication session management (Supabase auth cookies). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded.
9. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Revoke GitHub OAuth access at any time.
- Export your scan history.
10. Contact
For privacy-related questions or data requests, contact us at [email protected].