AEGLYN

Privacy Policy

Last Updated: January 18, 2026

At Aeglyn, privacy isn't just a feature—it's our foundation. This Privacy Policy explains how our privacy-first code security platform collects, uses, and protects your data when you use our AI vulnerability scanner and developer tools.

Our Privacy Promise

We built Aeglyn for developers who care about security and privacy. We process your code temporarily to provide vulnerability scanning, but we never store your source code permanently. Your code is yours, and it stays yours.

1. Data Controller Information

Aeglyn ("we", "us", or "our") is the data controller responsible for your personal information. For privacy-related inquiries, contact us at:

Privacy Contact: privacy@aeglyn.site

Data Protection Officer: dpo@aeglyn.site

Website: https://aeglyn.site

2. What Data We Collect

Our privacy-first developer tool collects minimal data necessary to provide our code security platform:

Account Information

  • GitHub username and profile information (via OAuth)
  • Email address (from GitHub or provided separately)
  • Account creation and last login timestamps
  • Subscription tier and billing information (for paid plans)

GitHub OAuth Security Data

  • OAuth access tokens (encrypted and stored securely)
  • Repository access permissions you grant us
  • GitHub user ID and organization memberships
  • Token expiration and refresh data

Note: OAuth tokens are encrypted at rest and in transit. We never log or expose these tokens in plain text.

Repository Metadata

  • Repository names, descriptions, and languages
  • Repository visibility (public/private)
  • File paths and directory structures (not file contents)
  • Commit hashes and branch names for scanned versions
  • Repository size and last updated timestamps

Scan Results and Metadata

  • Vulnerability findings (type, severity, location)
  • AI-generated explanations and remediation suggestions
  • Scan timestamps and duration
  • Historical scan trends and statistics
  • User actions on findings (dismissed, resolved, etc.)

Usage and Analytics Data

  • Feature usage patterns (which tools you use most)
  • API request counts and rate limit tracking
  • Error logs and debugging information (anonymized)
  • Performance metrics (scan speed, response times)
  • Browser type, device type, and general location (country-level)

3. What We DON'T Store

This is what makes us a Zero-Log AI Vulnerability Scanner 2026 with a Zero-Knowledge AI app sec pipeline:

  • Your Source Code (Offline processing): We process your code in-memory during scans but never store it permanently. Our offline AI code scanner ensures no file ever persists on our cloud. Once the scan completes, your code is immediately discarded.
  • AI Prompts or Queries: We don't log the specific code snippets sent to our AI models for analysis.
  • OAuth Tokens Long-Term: Tokens are encrypted and rotated regularly. When you revoke access or delete your account, tokens are immediately invalidated.
  • Secrets or Credentials: If our scanner detects API keys, passwords, or tokens in your code, we alert you but never store the actual secret values.
  • Unnecessary Personal Data: We don't collect browsing history, social media activity, or any data unrelated to providing our code security service.

4. How We Use Your Data

We use collected data exclusively to provide and improve our AI vulnerability scanner:

  • Service Delivery: Authenticate users, scan repositories, generate vulnerability reports, and provide AI-powered security insights
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Communication: Send scan results, security alerts, and important service updates
  • Improvement: Analyze usage patterns to enhance our AI models and developer tools
  • Compliance: Meet legal obligations and respond to lawful requests
  • Support: Respond to your questions and troubleshoot issues

We never sell your data to third parties or use it for advertising purposes.

5. GitHub API Integration

Our GitHub OAuth security integration is central to how Aeglyn works:

OAuth Permissions

When you connect your GitHub account, we request the following permissions:

  • repo - Read access to your repositories for scanning
  • user:email - Access to your email for account management
  • read:org - Read organization membership (for team features)

GitHub API Usage

We use GitHub's API to:

  • Fetch repository contents temporarily for vulnerability scanning
  • Read repository metadata and file structures
  • Access commit history for tracking scan coverage
  • Verify repository access permissions

All GitHub API requests are made on your behalf using your OAuth token. We comply with GitHub's API terms and rate limits.

Revoking Access

You can revoke Aeglyn's access to your GitHub account at any time:

  1. Go to GitHub Settings → Applications → Authorized OAuth Apps
  2. Find "Aeglyn" and click "Revoke"
  3. Alternatively, disconnect from your Aeglyn account settings

Revoking access will prevent future scans but won't delete your Aeglyn account or historical scan results. To delete all data, see Section 9.

6. Data Retention

We retain data only as long as necessary for our privacy-first developer tool to function:

Data Type | Retention Period
Source Code | 0 seconds - Processed in-memory only
OAuth Tokens | Until revoked or account deleted
Scan Results | Until you delete them or close your account
Account Data | Until account deletion + 30 days for backups
Usage Analytics | Aggregated data retained indefinitely (anonymized)
Error Logs | 90 days (anonymized after 30 days)

7. GDPR and Your Rights

Aeglyn is GDPR-compliant. If you're in the EU/EEA, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@aeglyn.site. We'll respond within 30 days.

8. Data Security

Security is at the core of our code security platform. We protect your data with:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Token Security: OAuth tokens encrypted with separate keys, rotated regularly
  • Access Controls: Role-based access, principle of least privilege
  • Infrastructure: Hosted on secure, SOC 2 compliant cloud providers
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security audits and penetration testing
  • Incident Response: Documented procedures for security breaches

While we implement industry-standard security measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@aeglyn.site.

9. Third-Party Services

Aeglyn integrates with select third-party services to provide our AI vulnerability scanner:

GitHub

For OAuth authentication and repository access. See GitHub's Privacy Policy.

Cloud Infrastructure

We use secure cloud providers for hosting and data storage. All providers are SOC 2 compliant and GDPR-ready.

AI Model Providers

Our AI models may use third-party inference APIs. Code snippets sent to AI providers are anonymized and not stored by them.

Analytics

We use privacy-focused analytics (no cookies, no tracking across sites) to understand feature usage and improve our developer tool.

We carefully vet all third-party services and ensure they meet our privacy standards. We never share your source code with third parties.

10. Cookies and Tracking

As a privacy-first developer tool, we minimize cookie usage:

Essential Cookies

Required for authentication and basic functionality:

  • Session cookies (expire when you close your browser)
  • Authentication tokens (encrypted, httpOnly, secure)
  • CSRF protection tokens

Analytics Cookies

We use minimal, privacy-focused analytics:

  • No third-party tracking (no Google Analytics, Facebook Pixel, etc.)
  • No cross-site tracking or fingerprinting
  • Aggregated, anonymized usage data only

You can disable cookies in your browser settings, but this may affect functionality.

11. Children's Privacy

Aeglyn is not intended for users under 18. We do not knowingly collect data from children. If you believe we've inadvertently collected data from a minor, contact us immediately at privacy@aeglyn.site, and we'll delete it promptly.

12. International Data Transfers

Aeglyn operates globally. Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • GDPR-compliant data processing agreements with all vendors
  • Encryption in transit and at rest for all cross-border transfers
  • Regular compliance audits and certifications

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We'll notify you of material changes via:

  • Email notification to your registered address
  • In-app notification when you next log in
  • Updates to this page with a new "Last Updated" date

Continued use of Aeglyn after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

14. Contact for Data Requests

To exercise your privacy rights or request data deletion, contact us:

Data Access Request

Email privacy@aeglyn.site with subject "Data Access Request"

Data Deletion Request

Email privacy@aeglyn.site with subject "Data Deletion Request" or delete your account in settings

GDPR Complaints

Contact our Data Protection Officer at dpo@aeglyn.site

General Privacy Questions

Email support@aeglyn.site

We'll respond to all requests within 30 days. For urgent matters, please mark your email as "Urgent."

15. Your Privacy Controls

You have full control over your data in Aeglyn:

Account Settings

Update your profile, email preferences, and notification settings

Repository Access

Choose which repositories Aeglyn can scan

Scan History

View and delete individual scan results

Data Export

Download all your data in JSON format

OAuth Management

Revoke GitHub access at any time

Account Deletion

Permanently delete your account and all associated data

At Aeglyn, we're committed to being the most privacy-first code security platform for developers. Your code is yours, your data is protected, and your privacy is non-negotiable.

Questions? Reach out to privacy@aeglyn.site