V
VettCode
Sign InGet Started

Privacy Policy

Last updated: March 14, 2026

1. Introduction

VettCode (“we,” “us,” or “our”) operates the vettcode.com website and the VettCode scanner CLI tool. This Privacy Policy explains how we collect, use, and protect information when you use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials through our authentication provider (Clerk). You may also sign in via Google, GitHub, or Apple.

2.2 Scan Data

When you upload scan results, we receive a JSON file containing hashed data and aggregate metrics about your codebase. This data contains no source code, file paths, file names, or secrets. The VettCode scanner runs locally on your machine and only produces hashes and aggregates.

2.3 Git Provider Data

If you connect a GitHub or GitLab account, we temporarily access your repositories to perform scans. Source code is cloned to an ephemeral container, scanned, and immediately deleted. We do not persist source code from git provider scans.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. We receive only transaction identifiers and payment status from Stripe.

2.5 Cookies

We use only essential cookies for authentication sessions (managed by Clerk) and an optional analytics cookie (Vercel Analytics). You can manage your cookie preferences through the cookie consent banner displayed on your first visit. We do not use third-party tracking cookies.

3. How We Use Your Information

  • To provide and maintain our services
  • To generate signed reports from your scan data
  • To process payments through Stripe
  • To verify report authenticity via public verification links
  • To send transactional emails (report ready, payment confirmation) — these are essential and cannot be opted out of
  • To improve our services through anonymized analytics

We do not send marketing emails without your explicit consent. You can manage your email preferences in your account settings at any time.

4. Deep Scan Data Handling

Deep scans require sending source code to Anthropic's Claude API for AI-powered analysis. This only occurs with explicit seller approval. Anthropic does not use your code for model training, and code is not stored after processing. The deep scan results are incorporated into a signed report.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe — for payment processing
  • Clerk — for authentication
  • Anthropic (deep scans only) — for AI-powered code analysis, with seller consent
  • Google Cloud Platform — for infrastructure hosting and report storage

6. Data Retention

Scan data and reports are retained as long as your account is active. You may request account deletion at any time through your settings page, which will permanently remove your account and associated data. Signed reports that have been shared via verification links will have their verification status revoked upon account deletion.

7. Security

We implement industry-standard security measures including Ed25519 cryptographic signing for all reports, encrypted data transmission (TLS), and secure key management via Google Cloud Secret Manager. Scanner binaries are code-signed to prevent supply chain attacks.

8. Your Rights

You have the right to access, correct, or delete your personal data. You can delete your account and all associated data through the Settings page. For data access or correction requests, please contact us at privacy@vettcode.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@vettcode.com.