We treat your code like it’s our own.

This page is a summary. The legally-binding version is in our DPA, available to all paying customers on request at privacy@dissect.security.

What we collect

Account data (email, name, organization), repository metadata (names, install ids), and the findings Dissect produces. We do not retain customer source code beyond the ephemeral scan worker that processes it.

What we do not collect

We do not train models on your code. We do not sell your data. We do not embed third-party trackers on authenticated pages.

Data retention

Scan results: indefinite, deletable on request. Source code: deleted when the scan worker terminates. On the Free tier, typically under ten minutes after upload. Paid tiers may retain encrypted scan inputs up to twenty-four hours for debugging.

Your rights

Access, correction, erasure, portability, and objection to processing. Email privacy@dissect.security or use the in-app export and delete flow on the Account page.