Privacy Policy

Effective date: April 3, 2026

1. Who We Are

LogicGuard (“we”, “us”, “our”) operates the LogicGuard code-analysis platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights. If you have questions, contact us at privacy@logicguard.dev.

2. Data We Collect

Account data

Name, email address, and hashed password when you register. If you sign in with GitHub or Google, we receive your public profile name and email from that provider.

Code and scan data

Source code or repository links you submit for scanning. Scan results, vulnerability findings, and reports generated on your behalf. We do not share your code with third parties for any purpose other than running the scan (e.g. sending relevant snippets to our AI provider).

Usage data

Pages visited, features used, scan counts, API calls, and timestamps. This helps us improve the product and enforce plan limits.

Payment data

When you subscribe or purchase scan tokens, our payment processor collects your payment details directly. We receive only a transaction reference and status — we never store your card number or bank details.

Technical data

IP address, browser type, and device information collected automatically in server logs. These are used for security, debugging, and abuse prevention.

3. How We Use Your Data

  • To provide, operate, and improve the Service.
  • To authenticate you and keep your account secure.
  • To process payments and manage your subscription.
  • To send transactional emails (password resets, invoice receipts, security alerts).
  • To send product updates and marketing emails — you can unsubscribe at any time.
  • To comply with legal obligations and enforce our Terms of Service.
  • To detect and prevent fraud, abuse, and security incidents.

We do not sell your personal data to third parties. We do not use your private source code to train AI models.

4. Legal Basis for Processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, our legal bases are:

  • Contract — processing necessary to provide the Service you signed up for.
  • Legitimate interests — security, fraud prevention, and product improvement, where not overridden by your rights.
  • Legal obligation — compliance with applicable laws.
  • Consent — marketing emails (you may withdraw consent at any time).

5. Data Sharing

We share personal data only with:

  • Infrastructure providers (cloud hosting, database) — to host and run the Service.
  • AI provider (OpenAI) — code snippets are sent for analysis under our data-processing agreement; OpenAI does not train on API-submitted data.
  • Payment processor — to handle subscription and top-up payments.
  • Email provider (Resend) — to deliver transactional and marketing emails.
  • Law enforcement — when required by valid legal process.

All sub-processors are contractually bound to process data only as instructed and to apply appropriate security measures.

6. International Transfers

Our servers are located in the United States. If you access the Service from the EEA, UK, or other regions with data-protection laws, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms for such transfers.

7. Data Retention

We retain your account data for as long as your account is active, plus a further 90 days after deletion to allow recovery. Scan data and findings are retained for the lifetime of your account. Payment records are retained for 7 years for tax and legal compliance. Server logs are retained for 30 days.

8. Cookies and Tracking

We use session cookies strictly necessary to keep you logged in and to protect against CSRF. We do not use third-party advertising trackers or analytics cookies that share data with ad networks. Our own analytics (if any) are privacy-respecting and do not fingerprint individual users.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@logicguard.dev. We will respond within 30 days.

10. Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, hashed passwords, rate limiting, and regular dependency audits. No method of transmission or storage is completely secure; we cannot guarantee absolute security but will notify you of any breach affecting your data as required by law.

11. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days in advance. The “Effective date” at the top reflects the latest revision.

13. Contact

Data controller: Adscod Ltd (trading as LogicGuard)

Email: privacy@logicguard.dev