Last updated: March 6, 2026
When you sign in with GitHub, we receive your GitHub username, email address, and a list of repositories you grant access to. When you purchase a scan, Stripe collects your payment information directly — we never see or store your card number, CVC, or billing address.
We use your GitHub identity to authenticate you, display your repositories, and associate scan reports with your account. Your email address may be used to send transactional messages such as scan completion notifications and payment receipts.
Your code is never stored permanently. When you initiate a scan, we clone your repository into an isolated environment, run the security analysis, and delete all cloned files within 10 minutes of scan completion. Raw source code is never sent to third-party AI models — only structured vulnerability metadata is used for report generation.
Scan reports (PDF files) are retained for 90 days so you can re-download them. After 90 days, reports are permanently deleted. Account information is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.
We rely on the following third-party services to operate ShipShield:
Each service is subject to its own privacy policy. We share only the minimum data required for each service to function.
We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.
All data is transmitted over HTTPS. Repository clones are processed in isolated environments and deleted promptly. Database access is restricted and encrypted at rest. We follow industry-standard practices to protect your information.
You may request access to, correction of, or deletion of your personal data at any time. You can revoke ShipShield's access to your GitHub repositories through your GitHub settings. To exercise any of these rights, contact us at hello@shipshield.dev.
We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
For questions about this privacy policy or how we handle your data, contact us at hello@shipshield.dev.