Privacy Policy
Effective Date: March 23, 2026
1. Introduction
Cipherline LLC (“Company”, “we”, “us”, “our”) operates the XploitScan platform. We believe privacy is a right, not a feature. This Privacy Policy explains what data we collect, what we do with it, and what we don’t do with it. We’ve written this in plain language because we think you should actually be able to understand your privacy policy.
2. What We Collect
We collect the following types of data:
- Account Information: When you sign up, we receive your name, email address, and profile information through Clerk, our authentication provider.
- Scan Metadata: We store information about your scans including the date, time, number of findings, severity levels, and the types of vulnerabilities detected. This helps us show you your scan history and track trends.
- Usage Statistics: We collect general usage data such as how often you use the Service, which features you use, and how you interact with scan results. This helps us improve XploitScan.
- Billing Information: If you subscribe to the Pro plan, Stripe processes your payment information. We do not store your credit card number or full payment details on our servers.
3. What We Do NOT Collect
This is just as important as what we do collect:
- We do not store your source code. When you submit code for scanning, it is processed in memory and immediately deleted. Your code is never written to disk, saved in a database, or retained in any form.
- We do not sell, rent, or share your personal information with third parties for marketing purposes.
- We do not use your code or scan data to train machine learning models.
- We do not track you across other websites.
4. How We Use Your Data
We use the data we collect to:
- Provide and operate the XploitScan scanning service
- Display your scan history and vulnerability trends
- Process payments and manage your subscription
- Send you important service updates and security notifications
- Improve the accuracy and performance of our scanning engine
- Respond to your support requests
- Comply with legal obligations
5. Third-Party Services
We use the following third-party services to operate XploitScan. Each has its own privacy policy:
- Clerk — Authentication and user management. Clerk handles sign-up, sign-in, and session management. They receive your email address and profile information.
- Stripe — Payment processing. Stripe handles all billing for Pro subscriptions. They receive your payment information directly; we never see your full card details.
- Turso — Database hosting. Our application data (account info, scan metadata, results) is stored in Turso. Source code is never stored in the database.
- Vercel — Application hosting. Our web application is deployed on Vercel. Vercel may collect standard server logs including IP addresses and request data.
6. Data Retention
We retain your data as follows:
- Account data: Retained as long as your account is active. Deleted within 30 days of account closure.
- Scan metadata and results: Retained as long as your account is active. You can delete individual scans at any time.
- Source code: Never retained. Processed in memory and immediately deleted after scanning.
- Payment records: Retained as required by tax and financial regulations, typically 7 years.
7. Cookies
We use a minimal number of cookies:
- Essential cookies: Required for authentication and session management (set by Clerk). These are necessary for the Service to function.
- Analytics cookies: We may use basic analytics to understand how the Service is used. These do not track you across other sites.
We do not use advertising cookies or share cookie data with advertisers.
8. Security Measures
We take security seriously (we are a security company, after all). Our measures include:
- All data transmitted to and from XploitScan is encrypted using TLS/HTTPS
- Source code is processed in isolated, ephemeral environments and never persisted
- Access to production systems is restricted and audited
- Authentication is handled by Clerk, an industry-leading auth provider
- Payment data is handled entirely by Stripe, a PCI-compliant processor
- We conduct regular security reviews of our own infrastructure
While we work hard to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in the event of a data breach.
9. Your Rights
You have the right to:
- Access your data: Request a copy of all personal data we hold about you.
- Export your data: Download your scan history and account information in a portable format.
- Delete your data: Request deletion of your account and all associated data. We will process deletion requests within 30 days.
- Correct your data: Update or correct any inaccurate personal information.
- Withdraw consent: Where we rely on your consent for data processing, you can withdraw it at any time.
To exercise any of these rights, contact us at hello@xploitscan.com.
10. Children’s Privacy
XploitScan is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through the Service and update the effective date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact Cipherline LLC at hello@xploitscan.com.