Privacy Policy

Account Information. When you create an account, we collect your name, email address, and authentication credentials provided through third-party sign-in providers (Google, GitHub, Microsoft).

Source Code. When you initiate a scan, VulTest reads and analyzes the source code in the repositories you explicitly connect. This access is limited to the scope you authorize and is used solely to perform vulnerability scanning, bug detection, and code quality analysis.

Scan Results and Reports. We store the results of your scans, including identified vulnerabilities, logic errors, and implementation recommendations, so you can access them from your dashboard.

Usage Data. We collect anonymized analytics about how you interact with the platform (pages visited, features used) to improve the service. This data is not linked to your source code.

Support Messages. If you contact us through the Help page, we store your message along with your account email to respond to your inquiry.

We use the information we collect to:

• Perform AI-powered vulnerability scanning, bug detection, and code quality analysis on the codebases you submit.
• Generate scan reports and implementation recommendations delivered exclusively to you.
• Manage your account, subscriptions, and credits.
• Respond to support inquiries you send through the platform.
• Improve the platform experience through anonymized, aggregated usage analytics.

We do not use your source code, scan results, or any repository data to train, fine-tune, or improve our AI models.

Your code is processed in an isolated analysis environment for the sole purpose of delivering scan results to you. It is not aggregated with other users' data, not fed into training pipelines, and not used for any purpose beyond the service you explicitly requested.

This commitment applies to all plans, free and paid. There are no exceptions.

When you connect a repository, VulTest obtains read-only access to the source files within the scope you authorize. We do not modify your code, push commits, or alter your repository in any way.

Code analysis is performed in short-lived, isolated environments. Once a scan completes, the raw source code is purged from our processing infrastructure. Only the structured scan results (vulnerability reports, recommendations) are retained in your account.

You may revoke repository access at any time through your dashboard or by disconnecting the integration from your Git provider.

We do not sell, rent, or share your personal information or source code with third parties for their own purposes.

We may share limited data with:

• Infrastructure providers (cloud hosting, authentication) that process data on our behalf under strict data-processing agreements.
• Payment processors to handle subscription billing. We never store your full payment details.
• Legal authorities if required by law or to protect the rights and safety of our users.

Source code is deleted from our processing systems immediately after a scan completes. We do not maintain a persistent copy of your codebase.

Scan results are retained in your account until you delete them or close your account.

Account data is retained for the duration of your account. You may request complete deletion of your account and all associated data by contacting us at the address below.

We implement industry-standard security measures including encryption in transit (TLS) and at rest, strict access controls, and regular security audits. Code analysis runs in isolated, ephemeral environments with no cross-tenant data access.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us via our Help page.