Security Practices
At PrivacyReport, we take the security of your code and data extremely seriously. Because we analyze your source code and infrastructure configurations, we have implemented stringent, enterprise-grade security protocols to ensure that your intellectual property remains confidential and secure.
1. Data Processing and Storage
PrivacyReport operates primarily as a static analysis engine. When you connect your repository, our systems scan the code in a secure, ephemeral, isolated environment. We do not store your source code on our servers. Once the scan is complete and the vulnerability report is generated, the local copy of your codebase is immediately and permanently destroyed. The only data we retain is the metadata of the vulnerabilities found (e.g., "API Key Exposure on line 42") so you can track your remediation progress over time.
2. Encryption
All data transmitted between your browser, your code repositories (GitHub, GitLab), and our servers is encrypted in transit using industry-standard TLS 1.3. Any vulnerability metadata we store is encrypted at rest using AES-256. Our database infrastructure is hosted on AWS, using strict VPC isolation and least-privilege IAM roles.
3. Third-Party Audits and Penetration Testing
We undergo regular, independent third-party penetration testing and security audits to ensure our defenses are robust against the latest threats. We also maintain a responsible disclosure program. If you are a security researcher and believe you have found a vulnerability in PrivacyReport, please contact us immediately at security@privacyreport.org.