Privacy Policy

Last updated: May 19, 2026

Information we collect

We collect information you provide directly: your email address when you sign up, and repository URLs you submit for scanning.

How we use your information

We use your email to authenticate your account and send you scan completion notifications. Repository URLs are analysed server-side and not stored beyond what is necessary to display your scan results.

Data storage

Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure. Payments are processed by Stripe — we do not store card details.

Data residency

All customer data is stored in the United States (AWS us-east-1 region via Supabase). Data does not leave the US region. For enterprise customers requiring specific data residency, contact us for custom deployment options.

Data retention

We retain your data as follows:

• Scan results: 90 days by default (configurable up to 365 days for Professional/Enterprise tiers)
• Account data: Active account lifetime + 30 days after deletion
• Audit logs: 1 year (compliance requirement)
• Backups: 7 days (automatic via Supabase)

You can delete your scan results anytime from your dashboard. Account deletion requests are processed within 48 hours. For GDPR/CCPA deletion requests, email privacy@toolkitscanner.com.

Full retention policy: Data Retention Policy

Third-party services

We use Clerk for authentication, Stripe for payments, Resend for transactional email, and PostHog for product analytics. Each service has its own privacy policy.

Your rights

You have the right to access, correct, or delete your personal data. You can export your data anytime from Account Settings. For deletion requests, contact privacy@toolkitscanner.com (processed within 48 hours).

Contact

For privacy questions, contact us at privacy@toolkitscanner.com.