Privacy Policy

Last updated: 2026-05-16

Bryxe Shield (“Bryxe”, “we”, “us”) provides a security scanner for source code. This page explains what data we collect and how we use it.

Data we collect

• Account data: email, name (optional), hashed password, plan.
• Scan data: the files you upload or repositories you connect, along with the vulnerabilities our scanner detects.
• Billing data: we use Stripe for payments. We never see your card details — only the Stripe customer / subscription identifiers and status.
• Operational logs: IP address, user agent, request paths (for abuse prevention and debugging), retained ≤ 30 days.

How we use it

• To run and improve the scanner.
• To send transactional emails (receipts, scan-complete notifications).
• To enforce rate limits and prevent abuse.
• We do not use your code to train AI models, and we do not share your code with third parties beyond the model providers required to power the assistant (Anthropic) — and only when you explicitly invoke it.

Retention & deletion

Uploaded archives are processed in memory and discarded once the scan completes. Scan results are retained for the lifetime of your account, or 90 days for anonymous scans. You can request deletion at any time by emailing privacy@bryxe.app.

Sub-processors

• Stripe — payment processing.
• Anthropic — AI assistant (only when invoked).
• Resend — transactional email.
• Vercel / your chosen host — application hosting.

Your rights (GDPR / CCPA)

You may request access, correction, export, or deletion of your data at any time. Contact us at privacy@bryxe.app.

This is a starter policy. Before going live, have a lawyer review it against your jurisdiction's requirements (GDPR, CCPA, etc.).