Legal

Privacy Policy

Last updated: March 1, 2026

1. Introduction

SafeWeave ("we", "us", or "our") operates the SafeWeave security scanning platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our CLI tools, MCP integrations, cloud dashboard, and website.

2. Information We Collect

Account Information

When you create an account, we collect your email address and password (hashed). If you upgrade to a paid plan, we collect billing information through our payment processor, Stripe. We do not store credit card numbers directly.

Scan Data

When you run scans through the cloud dashboard, we process scan results (findings, severity levels, file paths, and line numbers). For self-hosted and CLI-only users, scan data remains on your local machine and is never transmitted to our servers.

Usage Data

We collect anonymized usage telemetry such as scan frequency, scanner types used, and feature adoption metrics. This data does not include source code or scan finding details.

3. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process transactions and manage your subscription
  • To send service-related communications (security alerts, billing notices)
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. Data Sharing & Third Parties

We do not sell your personal information. We share data only with service providers necessary to operate our platform:

  • Stripe — payment processing
  • Railway — cloud infrastructure hosting
  • Email providers — transactional emails (verification, password reset)

5. Data Retention

We retain your account data for as long as your account is active. Scan results stored in the cloud dashboard are retained for 90 days by default; Team plans can configure custom retention periods. You may request deletion of your account and associated data at any time by contacting us.

6. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest for stored data, and regular security audits. Passwords are hashed using bcrypt. API keys and license keys are generated using cryptographically secure random generators.

7. Your Rights

You have the right to access, correct, or delete your personal data. You may also request a copy of your data in a portable format. To exercise these rights, contact us at support@safeweave.dev.

8. Cookies

We use essential cookies for authentication (session tokens) and preference storage. We do not use third-party tracking cookies or advertising pixels.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy, contact us at support@safeweave.dev.