Privacy Policy

1. Introduction

Scantonomous (“Company,” “we,” “us”) respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use the Scantonomous public marketing website and the authenticated Scantonomous product website (“Service”).

2. Information We Collect

Marketing website information: Contact details and demo request information you submit through the public website, including your email address, name, and any details you provide about your environment or needs.

Account information: Email address, name, and organization details you provide during registration or account management on the product website.

Source code: Code you submit for security scanning. This is processed temporarily and not retained long-term (see Data Retention below).

Scan results: Security findings, remediation suggestions, and scan metadata generated by the Service.

Usage data: Information about how you interact with the Service, including features used and scan frequency.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process your security scans and deliver findings
• Generate AI-powered remediation suggestions
• Communicate with you about your account and the Service
• Ensure security and prevent abuse

4. AI and Third-Party Data Sharing

Your code and findings are never shared with Anthropic, OpenAI, or any third-party AI provider. All AI-powered analysis runs within our own infrastructure. We do not use your code or scan results to train third-party AI models.

We may share limited account information with service providers who help us operate the Service (e.g., cloud infrastructure, email delivery), but only as necessary and under strict confidentiality agreements.

5. Data Retention

We retain your data for the minimum time necessary to provide the Service:

• Source code: Stored temporarily during scanning and automatically deleted within 1 day.
• Scan results and artifacts: Retained for up to 14 days, then automatically deleted.
• Logs: Retained for 30 days.
• Account information: Retained for the duration of your account. You may request deletion at any time.

6. Cookies

Marketing website: We do not use advertising cookies or third-party tracking cookies on the public marketing website.

Product website: We use strictly necessary cookies and similar browser storage to maintain authentication, session state, and core product behavior. If you allow optional performance monitoring in the product website’s cookie settings, we also use AWS CloudWatch RUM to measure frontend errors and page performance using cookies and local storage. We do not use advertising cookies.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure.

8. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Export your scan results and findings
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at sales@scantonomous.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance.

10. Contact

Questions about this Privacy Policy? Contact us at sales@scantonomous.ai.