ByteArmor LogoByteArmor

Privacy Policy

Effective Date: January 15, 2025

Our Data Commitments

Your code is NEVER used to train AI models

We do NOT sell your data to any third parties

All data is encrypted at rest and in transit

Your data is NOT used for advertising

Strict access controls and separation in storage

1. Introduction

ByteArmor ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered security code review service.

We take data privacy seriously and have designed our service with privacy-by-design principles. Your source code and personal information are protected with industry-leading security measures.

2. Information We Collect

2.1 Information You Provide

  • Account Information: GitHub username, email address, and profile picture from GitHub OAuth
  • Repository Data: Repository names, file contents for scanning, commit information
  • Payment Information: Processed securely through Stripe (we don't store card details)
  • Communication: Support tickets, feedback, and correspondence

2.2 Information Collected Automatically

  • Usage Data: Scan history, feature usage, performance metrics
  • Technical Data: IP address, browser type, device information, timezone
  • Cookies: Session cookies for authentication and preferences

2.3 Information We DON'T Collect

  • Passwords (authentication handled via GitHub OAuth)
  • Credit card details (handled by Stripe)
  • Unnecessary personal information

3. How We Use Your Information

We use your information solely to provide and improve ByteArmor's services:

3.1 Service Delivery

  • Perform security scans on your code repositories
  • Generate vulnerability reports and remediation guidance
  • Provide dashboard analytics and insights
  • Process payments and manage subscriptions

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Debug and fix technical issues
  • Develop new security detection capabilities
  • Respond to support requests

3.3 What We DON'T Do

  • We do NOT use your code to train AI models
  • We do NOT sell or rent your data to third parties
  • We do NOT use your data for advertising
  • We do NOT share your code with other users

4. AI Model Data Commitments

ByteArmor uses Large Language Models (LLMs) from trusted providers with strong privacy commitments:

4.1 Meta Llama Models

  • Your prompts and responses are NOT used for model training
  • Data is encrypted and isolated
  • Strict access controls are enforced
  • Learn more: Meta Llama Data Commitments

4.2 OpenAI Models

  • API inputs and outputs are NOT used for training
  • Zero data retention for business customers
  • SOC 2 Type II compliant
  • Learn more: OpenAI Business Data Policy

5. Data Storage and Security

5.1 Security Measures

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Control: Role-based access with multi-factor authentication
  • Infrastructure: Secure cloud infrastructure with SOC 2 compliance
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Auditing: Regular security audits and vulnerability assessments

5.2 Data Isolation

  • Each user's data is logically separated
  • Repository scans are isolated per user
  • No cross-contamination between accounts

5.3 Data Location

Your data is stored in secure data centers in the United States. We use industry-leading cloud providers with robust security certifications.

6. Data Retention

6.1 Active Accounts

  • Scan Results: Available while your account is active
  • Repository Metadata: Retained while repository is connected
  • Account Information: Retained for the duration of your account

6.2 Account Deletion

  • Immediate Deletion: All user data, scan results, and vulnerability reports are immediately and permanently deleted upon account deletion
  • No Retention Period: We do not retain any of your data after account deletion
  • Export Before Deletion: We recommend exporting your data before deleting your account as recovery is not possible

6.3 Code Scanning

Source code is only temporarily processed during scanning and is not permanently stored. Code snippets in vulnerability reports are part of your scan results and are deleted immediately upon account deletion.

7. Data Sharing and Disclosure

7.1 We NEVER Share Your Data For:

  • Marketing or advertising purposes
  • Sale to third parties
  • Training AI models
  • Competitive analysis

7.2 Limited Sharing Scenarios:

  • Service Providers: Stripe for payments, cloud infrastructure providers (under strict agreements)
  • Legal Requirements: When required by law, court order, or government request
  • Safety: To prevent fraud, abuse, or protect rights and safety
  • Business Transfers: In case of merger or acquisition (with same privacy protections)

8. Your Rights and Controls

8.1 You Have the Right To:

  • Access: Request a copy of your personal data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your scan results and reports
  • Restrict: Limit how we process your data
  • Object: Opt-out of certain data processing

8.2 How to Exercise Your Rights:

Contact us at [email protected] to exercise any of these rights. We'll respond within 30 days.

9. Cookies and Tracking

9.1 Essential Cookies:

  • Authentication tokens
  • Session management
  • Security features

9.2 Analytics:

We use privacy-focused analytics to understand usage patterns. No personal data is collected through analytics.

9.3 We DON'T Use:

  • Third-party advertising cookies
  • Cross-site tracking
  • Behavioral targeting

10. International Data Transfers

ByteArmor operates globally. By using our service, you consent to the transfer of your information to the United States. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses
  • Encryption in transit
  • Access controls

11. Children's Privacy

ByteArmor requires users to be at least 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we've collected data from a child under 13, we will delete it immediately. Users between 13 and 18 should have parental consent before using our service.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (Note: We don't sell data)
  • Right to non-discrimination for exercising privacy rights

13. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

  • Legal Basis: Contract performance and legitimate interests
  • Data Controller: ByteArmor is the data controller
  • Data Protection Officer: Contact at [email protected]
  • Rights: All rights under GDPR Articles 15-22

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Effective Date" at the top
  • Sending an email notification for significant changes

Continued use of ByteArmor after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: