Privacy Policy

What we collect

• CLI scans: Nothing. The CLI runs on your machine and stays there. It doesn't phone home or send us anything.
• URL scanner: When you enter a URL in the web scanner, we send it to our server for the HTTP checks. Once results come back to your browser, we discard everything. No logs, no history.
• Authentication: If you create an account, Supabase (our auth provider) stores your email to manage your session. That's it.
• Payments: Lemon Squeezy handles billing. Your card details go directly to them. We never see or store them.

What we don't collect

Your source code, scan results, file contents, dependency trees. None of that ever reaches us. There's no telemetry in the CLI, no analytics on this site, and no tracking pixels. We built a security tool. It would be hypocritical to spy on you.

Cookies

If you sign in, we set one auth cookie so the site remembers you. That's the only cookie. No tracking, no ads, no third-party analytics.

Third-party services

We use three external services:

• Supabase for authentication and account data.
• Lemon Squeezy for subscriptions and payments.
• Vercel for hosting and serverless functions.

Each operates under its own privacy policy.

Data retention

URL scan results exist in memory for a few seconds, then they're gone. Account info (email, subscription status) stays as long as your account is active. Delete your account and we delete everything tied to it.

Your rights (GDPR)

You can ask us to show you what data we have, correct it, or delete it. Email privacy@bastion.wiki and we'll respond within 30 days.

Questions

Email privacy@bastion.wiki and we'll clarify anything.