Privacy Policy

Last updated June 2026

GhostCred ("we") provides automated credential and non-human identity risk scanning. This policy explains what we collect and how we handle it. This is a starter template — review with counsel before production use.

What we collect

We collect your email address, the repository URL or file you submit for scanning, and the resulting findings. We also store payment metadata returned by Stripe (customer and subscription identifiers), never card numbers.

How we handle secrets

Secret values detected during a scan are redacted to the first four characters before anything is written to our database or included in a report. Uploaded files are processed to produce your report and are not retained as raw content afterward.

Sub-processors

We use Supabase (database, storage, authentication), Stripe (payments), Anthropic (AI analysis), Resend (email delivery), and Vercel (hosting).

Your choices

You can request deletion of your scans and account data at any time by emailing support@ghostcred.io.