Privacy Policy

What we store about you

• Your email — only if you provide it to receive a report.
• Your IP address — to limit scans per hour. Not used for tracking.
• The URL you scanned — linked to your scan results.

What we store about the target

• Discovered API endpoints (paths, methods, and short response previews).
• Detected technologies and frameworks.
• A model of what the application does (product name, category, tech stack).
• Findings — cost and security risks with severity, estimated cost, and remediation steps.
• Public API keys found in your JavaScript (needed to re-run scans).
• Database row counts (not actual data).

If the scan discovers exposed secrets (like API keys), we only store a truncated version (first few and last few characters). We never store full credentials, response bodies, or personal data from the target's users.

How we use your data

• To run the scan and generate your report.
• To email you the report (if you gave us your email).
• To improve the service over time.

Retention

Scan data expires automatically after 90 days. You can request earlier deletion by emailing us.

Sharing

We don't sell your data. Reports are only sent to the email address you provide. We use infrastructure providers (hosting, email delivery) to operate the service, and will share data if required by law.

Third-party services

• Anthropic (AI) — Pro tier scan data is processed by AI to generate cost analysis reports. Prompts and responses are logged for debugging and service improvement.
• Stripe — payment processing for Pro tier subscriptions.
• PostHog — product analytics (see below).

Cookies and tracking

We use PostHog for product analytics (button clicks, page views) to improve the product. No data is sold to third parties. You can opt out via your browser's Do Not Track setting.

Your rights

You can ask us to show, correct, or delete your data at any time. Email teemu.sormunen@centrive.ai.

Changes

We may update this policy. Continued use after changes means you accept them.