Privacy policy

Last updated: Septempber 2025

1. Who We Are

ShipSure is operated by [Legal Entity Name] ("we", "us", "our"). We provide automated security scanning for codebases, specifically designed for founders using AI coding tools.

Contact: hello@shipsure.ai
Address: 210 Seaview DrRichmond, CA 94801 US

2. What Data We Collect

Account Information

When you create an account:

  • Email address

  • GitHub username

  • Password (encrypted, we never see it in plaintext)

  • Payment information (processed by Stripe, we never see your card details)

Repository Data

When you authorize ShipSure to scan your repositories:

  • Repository names and metadata

  • Code files (temporarily, during scans)

  • Commit history and branch information

  • Dependencies and configuration files

Scan Results

We store:

  • Vulnerabilities detected in your code

  • Cost optimization opportunities identified

  • Historical scan data for tracking improvements

  • Your interactions with scan results (what you've marked as fixed, ignored, etc.)

Usage Data

Like every web service, we collect:

  • IP addresses

  • Browser type and version

  • Pages visited and features used

  • Time spent in the application

  • Error logs and debugging information

Communications

  • Support tickets and responses

  • Email interactions

  • Feedback you provide

3. How We Use Your Data

To Provide the Service

  • Scan your code for security vulnerabilities

  • Identify cost optimization opportunities

  • Display results in your dashboard

  • Send you notifications about critical issues

  • Process your payments

To Improve ShipSure

  • Understand which features are most valuable

  • Fix bugs and performance issues

  • Develop new scanning capabilities

  • Improve detection accuracy

Important: We analyze scan results in aggregate to improve our detection algorithms, but we never train AI models on your actual code or share your code with third parties.

To Communicate With You

  • Send critical security alerts

  • Provide product updates (if you opt in)

  • Respond to support requests

  • Send billing information

Legal Requirements

  • Comply with applicable laws

  • Respond to valid legal requests

  • Prevent fraud and abuse

  • Enforce our Terms of Use

4. How We Protect Your Data

Security Measures

  • All data encrypted in transit (TLS 1.3)

  • Encryption at rest for sensitive data

  • Regular security audits of our own infrastructure

  • Access controls limiting who can view your data internally

  • Multi-factor authentication for admin access

Code Handling

  • Code is scanned in isolated environments

  • Temporary copies are deleted immediately after scanning

  • We never clone your entire repository, only fetch necessary files

  • Scan results are stored separately from code

Data Retention

  • Active subscribers: Scan history retained for the duration of your subscription plus 90 days

  • Free tier users: Most recent scan retained for 90 days, older scans deleted

  • Cancelled accounts: All data deleted 90 days after cancellation

  • Account deletion: Immediate deletion of all data upon request (see Your Rights below)

5. Who We Share Data With

Service Providers

We use third-party services to operate ShipSure:

  • Stripe: Payment processing (they receive billing info, not code)

  • AWS/Cloud Provider: Hosting infrastructure

  • Email provider: Transactional emails (they receive your email address)

  • Analytics: Aggregate usage data only, no code or scan results

None of these providers receive access to your code or detailed scan results.

GitHub

We use GitHub's OAuth to authenticate you and their API to access repositories. GitHub's Privacy Policy applies to data they collect: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

We Never:

  • Sell your data

  • Share your code with anyone

  • Use your code to train AI models

  • Provide your scan results to third parties

  • Share customer lists with marketers

Legal Obligations

We may disclose data if required by law, court order, or to protect our rights and safety. We'll notify you unless legally prohibited.

6. Your Rights

Access and Portability

You can download all your scan results from your dashboard at any time. Email us for a complete data export.

Correction

Update your account information directly in settings. Contact support to correct scan result data.

Deletion

Delete your account anytime from settings. All data will be permanently deleted within 90 days. For immediate deletion, email us.

Opt-Out

  • Email notifications: Unsubscribe links in every email (except critical security alerts and billing)

  • Analytics: Use Do Not Track in your browser

  • Marketing: We don't do marketing emails unless you explicitly opt in

Data Minimization

We only collect what's necessary to run the service. Don't want us to scan specific files? Use a .shipsureignore file or exclude them in settings.

7. International Users

ShipSure is operated from [Country]. If you're outside [Country], your data may be transferred to and stored in [Country]. By using ShipSure, you consent to this transfer.

For EU/UK Users (GDPR)

  • Legal basis for processing: Contract performance (to provide the service) and legitimate interests (to improve the service)

  • Data Protection Officer: [email]

  • Right to lodge a complaint with your supervisory authority

  • All rights listed in Section 6 apply

For California Users (CCPA)

  • We don't sell personal information

  • Right to know what data we collect: See Section 2

  • Right to deletion: See Section 6

  • Right to non-discrimination: Exercising your rights won't affect service quality

8. Children's Privacy

ShipSure is not intended for users under 18. We don't knowingly collect data from children. If you believe a child has created an account, contact us immediately and we'll delete it.

9. Cookies and Tracking

Essential Cookies

Required for the service to function:

  • Session management (keeps you logged in)

  • Security tokens (prevents attacks)

  • User preferences

Analytics

We use minimal analytics to understand how ShipSure is used. These don't identify you personally. You can block them with browser extensions or Do Not Track.

We don't use advertising cookies or third-party tracking pixels.

10. Changes to This Policy

We'll notify you of material changes via:

  • Email to your registered address

  • Banner in the application

  • Update to "Last Updated" date at the top

Continued use after notification means you accept the changes. If you don't agree, delete your account before the changes take effect.

11. Contact Us

Questions about this Privacy Policy?
Support: hello@shipsure.ai

For security vulnerabilities in ShipSure itself, report to: security@shipsure.ai

Create a free website with Framer, the website builder loved by startups, designers and agencies.