Privacy Policy

Last updated: June 2026 · SecurePR is GDPR-compliant

What we collect

Data	Why	Retention
Email address	Account, notifications	Until deletion
Organisation name	API key scoping	Until deletion
Repository metadata	Scan targeting	90 days
Security findings	Dashboard, history	90 days
API usage metrics	Rate limiting, billing	90 days

What we do not collect

We do not store your source code. Repositories are cloned into ephemeral containers, scanned, and the clone is deleted immediately. We do not use your code to train AI models.

Third-party processors

Railway — hosting and compute (EU servers)
Stripe — payment processing
Resend — transactional email
GitHub / GitLab — repository access via your token

Your GDPR rights

As an EU/UK resident you have the right to access, rectify, port, or erase your data. To exercise any right, email privacy@securepr.dev. We respond within 30 days.

Cookies

We do not use tracking cookies. The API uses stateless JWT-style API keys for authentication.

Security

API keys are stored hashed. Scan findings are stored in a private PostgreSQL instance. All traffic is encrypted in transit via TLS 1.3.

Contact

Privacy enquiries: privacy@securepr.dev