Legal & Compliance
Last updated: February 2026
Privacy Policy
1. Data We Collect
We collect only what is necessary to provide our security scanning services:
- Account information: Email address, name, and authentication tokens when you create an account.
- Code data: Source code submitted for scanning is processed ephemerally and not stored unless you opt in to continuous monitoring.
- Scan metadata: Vulnerability findings, risk scores, and scan timestamps are stored to provide your scan history dashboard.
- Usage data: Anonymous analytics on feature usage to improve the product.
2. How We Use Your Data
- To perform security scans on your submitted code.
- To generate anonymized threat intelligence for the Hive Mind feed.
- To send scan results, security alerts, and account notifications.
- To improve our scanning engines and detection accuracy.
3. Data Retention
Scan history is retained based on your subscription tier: 7 days (Exorcism), 90 days (Shield), 365 days (Vanguard), or unlimited (Fortress). Source code is processed in-memory and permanently deleted after scan completion unless continuous monitoring is enabled.
4. Cookies
We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Analytics cookies are strictly anonymized, and you can opt out of them.
5. Third-Party Services
We use the following third-party services to operate:
- Supabase: Authentication and database storage (EU data residency available).
- Stripe: Payment processing (PCI DSS Level 1 compliant).
- Vercel: Frontend hosting and edge delivery.
6. Your Rights
You have the right to access, correct, export, and delete your personal data at any time. Contact privacy@securely.ai for data requests.
Terms of Service
1. Service Description
Securely provides AI-powered application security scanning, vulnerability detection, and threat intelligence services. We scan code repositories, URLs, and uploaded files for security vulnerabilities, misconfigurations, and known attack patterns.
2. Account Responsibilities
- You are responsible for maintaining the security of your account credentials.
- You must not share your API keys or access tokens with unauthorized parties.
- You are responsible for all activity that occurs under your account.
3. Subscription & Billing
Paid subscriptions are billed monthly via Stripe. You may cancel at any time; cancellation takes effect at the end of the current billing period. Refunds are available within 14 days of initial subscription purchase.
4. Limitation of Liability
Securely provides security scanning on a best-effort basis. No security tool can guarantee 100% vulnerability detection. We are not liable for any damages, data breaches, or losses resulting from missed vulnerabilities, false positives, or service interruptions.
5. Termination
We reserve the right to suspend or terminate accounts that violate these terms, engage in abusive scanning behavior, or attempt to exploit our service. Account data will be retained for 30 days after termination for recovery purposes.
Acceptable Use Policy
By using Securely, you agree to the following:
- Own or authorized targets only. Only scan code, URLs, and repositories that you own or have explicit written permission to test.
- No malicious use. Do not use scan results to exploit vulnerabilities in any system.
- No automated abuse. Do not overwhelm our API with excessive requests beyond your tier limits.
- No reverse engineering. Do not attempt to extract, copy, or reverse engineer our scanning engines or detection rules.
- Responsible disclosure. If you discover vulnerabilities in Securely itself, report them to security@securely.ai.
Data Processing Agreement
For Enterprise customers processing personal data subject to GDPR, CCPA, or other data protection regulations, Securely provides a Data Processing Agreement (DPA) that covers:
- Processing scope and lawful basis for data handling.
- Sub-processor disclosures and data transfer mechanisms.
- Data breach notification procedures (within 72 hours).
- Data subject request handling procedures.
- Security measures and encryption standards.
To execute a DPA, contact legal@securely.ai.
CCPA Notice
California residents have additional rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt out of data sales. Securely does not sell personal information. To exercise your CCPA rights, email privacy@securely.ai.
Compliance
Annual audit of security, availability, and confidentiality controls.
Certified information security management system.
Compliant for all data processing involving EU citizens.
For compliance documentation, audit reports, or security questionnaires, contact compliance@securely.ai.
Questions? Contact us at legal@securely.ai