Security & Compliance

Your security is our top priority. We use enterprise-grade encryption and follow industry best practices to protect your data.

AES-256 Encryption

Military-grade encryption for all sensitive data

GDPR Compliant

Full compliance with EU data protection regulations

Regular Audits

Quarterly security reviews and penetration testing

24/7 Monitoring

Continuous security monitoring and threat detection

Data Protection

🔐 GitHub Token Encryption

All GitHub Personal Access Tokens are encrypted using AES-256-GCM before storage. This military-grade encryption ensures that even if our database were compromised, your tokens would remain secure.

  • 256-bit encryption keys
  • Unique initialization vector (IV) per token
  • Authentication tags for integrity
  • Tokens only decrypted in memory

🗄️ Database Security

We use MongoDB Atlas with enterprise-grade security features to protect your data at rest and in transit.

  • Encryption at rest enabled
  • TLS/SSL for data in transit
  • IP whitelist access control
  • Regular automated backups

🔒 Authentication & Access

We use Clerk for enterprise-grade authentication with multiple security layers.

  • Multi-factor authentication (MFA)
  • OAuth 2.0 with GitHub
  • Session management & rotation
  • Rate limiting & abuse prevention

🌐 Application Security

Our application follows OWASP security guidelines and industry best practices.

  • HTTPS/TLS everywhere
  • Content Security Policy (CSP)
  • XSS & CSRF protection
  • API endpoint authentication
  • Rate limiting & abuse prevention
  • Automated dependency updates

Compliance & Certifications

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) and respect your data privacy rights:

  • ✓ Right to access your data
  • ✓ Right to data portability
  • ✓ Right to be forgotten
  • ✓ Data processing transparency
  • ✓ Consent-based data collection

Industry Standards

Our security practices align with recognized industry standards:

  • ✓ OWASP Top 10 protection
  • ✓ NIST cybersecurity framework
  • ✓ ISO 27001 guidelines
  • ✓ CIS security benchmarks
  • ✓ PCI DSS encryption standards

Infrastructure & Hosting

☁️ Vercel

Enterprise-grade hosting with automatic SSL, DDoS protection, and global CDN.

🗄️ MongoDB Atlas

Fully managed database with encryption, backups, and enterprise security features.

🔐 Clerk

Enterprise authentication with SOC 2 Type II compliance and advanced security features.

Privacy & Data Usage

What data do we collect?

We only collect data necessary to provide our service: your email address, GitHub username, selected repositories, and scan results. We never access your repository code or private files.

How do we use your data?

Your data is used solely to scan dependencies and provide vulnerability reports. We never sell, share, or use your data for marketing purposes without explicit consent.

Can you delete your data?

Yes. You can delete your account and all associated data at any time from your settings page. Deletion is permanent and immediate.

Our Security Practices

🔍 Regular Security Audits

We conduct quarterly security reviews and annual penetration testing to identify and fix vulnerabilities before they can be exploited.

🛡️ Dependency Management

We practice what we preach: automated dependency updates and vulnerability scanning for our own codebase.

📊 Monitoring & Logging

24/7 security monitoring with real-time alerts for suspicious activity, failed login attempts, and anomalies.

🚨 Incident Response

We have a documented incident response plan and will notify affected users within 72 hours of any security breach.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure and will work with you to resolve any issues quickly.

Email: nicktheodoulou96@gmail.com

Please include detailed information about the vulnerability, steps to reproduce, and potential impact. We aim to respond within 24 hours.

We do not currently offer a bug bounty program, but we deeply appreciate responsible researchers and will acknowledge your contribution.

Questions About Security?

We're happy to answer any questions about our security practices or provide additional documentation for enterprise customers.