Privacy Policy

1. What We Collect

• Account data: Email address and name when you sign up.
• Scan data: URLs you submit for scanning and the resulting findings. We do not store the source code of scanned applications.
• Usage data: Scan counts, feature usage, and browser type for product improvement.
• Payment data: Processed by LemonSqueezy. We never see or store your card number.

2. How We Use Your Data

• To provide and improve the NULLGAZE scanning service.
• To train your per-account FSRS-6 memory brain (your brain data is private to your account).
• To send transactional emails (scan results, password resets, billing).
• We do not sell your data. Ever.

3. Data Storage & Security

All data is stored in Supabase (PostgreSQL) with Row-Level Security enabled. Data is encrypted in transit (TLS 1.3) and at rest. Our infrastructure runs on Vercel and Supabase Cloud, both SOC 2 Type II certified.

4. Data Retention

• Free tier: Scan data retained for 24 hours.
• Starter: 30 days.
• Pro: 90 days.
• Team/Enterprise: 1 year+.
• You can delete your account and all associated data at any time from Settings.

5. Your Rights

You can request export or deletion of your data by emailing privacy@nullgaze.dev. We respond within 30 days. GDPR and CCPA rights apply where applicable.

6. Cookies

We use essential cookies only (authentication session). No tracking cookies, no third-party analytics, no ad pixels.

7. Contact

Questions about this policy? Email privacy@nullgaze.dev.