Privacy Policy
Last updated: June 24, 2026
Scanverra ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use scanverra.com, how we use it, and your rights regarding that information.
1. Information We Collect
Account Information
When you sign in via Google, GitHub, or email, we receive your name, email address, and profile picture. This is used to create and manage your account.
Usage Data
We store the URLs you audit, scan results (scores, issues, recommendations), AI chat messages, and usage counters per tool. This data is associated with your account so you can access your scan history.
Repository Tokens
If you connect GitHub, Bitbucket, or Azure DevOps, we store OAuth access tokens so the Repo Scanner can read your code. These tokens are stored securely and used only to perform scans you initiate.
Billing Information
We do not store your credit card, UPI, or banking details. Payments are processed by Razorpay. We store your Razorpay customer ID, subscription ID, plan ID, and subscription status solely to manage your plan and access level.
Technical Data
We collect standard web server logs including IP addresses, browser type, and referring URLs for security and analytics purposes. We use Google Analytics to understand aggregate usage patterns (anonymised).
2. How We Use Your Information
- To provide, operate, and improve the Service.
- To associate scan results and history with your account.
- To manage your subscription and billing through Razorpay.
- To send transactional emails (scan alerts, account notifications, payment confirmations).
- To respond to support requests.
- To detect and prevent fraud, abuse, or violations of our Terms.
- To comply with legal obligations.
We do not sell your personal data to third parties. We do not use your scan data to train AI models.
3. Third-Party Services
We share data with the following third parties only as necessary to operate the Service:
Razorpay
Payment processing and subscription management. Razorpay handles all card, UPI, netbanking, and wallet transactions. Your payment data is governed by Razorpay's Privacy Policy.
Google (Sign-In & PageSpeed Insights)
OAuth sign-in and website performance data for audit fallbacks. Governed by Google's Privacy Policy.
GitHub / Bitbucket / Azure DevOps
Repository access for the Repo Scanner, only when you connect your account.
Neon (database)
Stores your account data and scan results on secure managed PostgreSQL.
Vercel
Hosts the Service. Vercel may log request data per their Privacy Policy.
Google Analytics
Aggregate, anonymised analytics to understand how the Service is used.
4. Cookies
We use a single session cookie for authentication (NextAuth.js). We do not use third-party advertising cookies. Google Analytics uses its own cookies to track aggregate visitor behaviour - you can opt out via the Google Analytics opt-out browser add-on.
5. Data Retention
We retain your account data and scan history for as long as your account is active. Scan results are subject to per-plan history limits (e.g. last 5 scans on the Free plan, last 20 on Pro). If you delete your account, we delete your personal data within 30 days, except where retention is required by law.
Repository access tokens are deleted immediately when you disconnect an integration from your account settings.
6. Security
We use industry-standard security practices: HTTPS-only connections, encrypted database storage, hashed API keys, and role-based access controls. Payment data never touches our servers - it is handled entirely by Razorpay's PCI-DSS compliant infrastructure. No system is completely secure, but we take reasonable measures to protect your data.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Object to or restrict certain processing.
- Receive your data in a machine-readable format (data portability).
To exercise any of these rights, contact us at support@scanverra.com. We will respond within 30 days.
8. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
9. International Data Transfers
Our Service is operated from India. By using Scanverra, you consent to the transfer and processing of your data in India and any other countries where our third-party providers operate (including the United States and EU). We rely on our third-party providers' compliance programmes for cross-border transfers (e.g. Vercel's Standard Contractual Clauses for EU data).
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, by email. Continued use of the Service after changes means you accept the updated policy.
11. Contact
If you have questions about this Privacy Policy or a data-related request, contact us via the Support page or at support@scanverra.com.
