Privacy Policy
Last updated: June 2026
1. What We Collect
When you use DeploySafe, we collect:
- Account information - your email address when you sign up
- Scan targets - the URLs you submit for scanning
- Scan results - vulnerability findings generated from your scans
- Monitored projects - applications you register for Continuous Monitoring, and any login credentials you choose to store for authenticated scheduled scans (encrypted at rest)
- Usage data - page views and feature interactions via PostHog analytics
2. Authenticated Scanning and Credentials
For one-time authenticated scans, any login credentials you provide are used solely to perform the scan against your application and are not stored, logged, or retained after the scan completes.
For Continuous Monitoring, the credentials you add to a monitored project are stored encrypted at rest so scheduled scans can authenticate on your behalf. They are used only to scan that project, are never sold or shared, and are permanently deleted when you remove the project or delete your account.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. How We Use Your Data
We use the data we collect to:
- Provide and operate the DeploySafe service
- Associate scan results with your account
- Run scheduled scans and email you the results for monitored projects
- Process payments and manage credit balances and subscriptions
- Improve the platform through aggregated, anonymised usage analytics
4. Third-Party Services
DeploySafe uses the following third-party services, each with their own privacy policies:
- Supabase - authentication and database storage
- Polar - payment processing and subscriptions
- Resend - delivery of monitoring scan report emails
- PostHog - product analytics (anonymised usage data)
We share only the minimum data necessary with each provider to deliver the service.
5. Data Retention
Scan results are retained for as long as your account is active. You can delete individual scans from your dashboard at any time.
Credentials stored for a monitored project are kept encrypted at rest and retained until you remove the project or delete your account, at which point they are permanently deleted.
If you delete your account, your scan history, monitored projects, stored credentials, and personal data are permanently removed from our systems within 30 days.
6. Security
We take reasonable measures to protect your data, including encrypted connections (HTTPS), encryption at rest for stored project credentials, access controls, and row-level security on our database.
No system is completely secure. If you discover a security issue in DeploySafe itself, please disclose it responsibly by contacting [email protected].
7. Your Rights
You have the right to access, correct, or delete the personal data we hold about you. To make a request, contact us at [email protected].
If you are based in the EU or UK, you also have rights under the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email where possible. Continued use of DeploySafe after changes are posted constitutes acceptance of the updated policy.
9. Contact
For privacy-related questions or requests, contact us at [email protected].