Privacy Policy

Last updated: February 19, 2026

Trust Security ("Trust", "we", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Email addressCollected automatically via GitHub OAuth when you sign in.
GitHub usernameCollected automatically via GitHub OAuth when you sign in.
Scan targetsURLs or repository addresses you submit for scanning.
Scan resultsVulnerability findings generated when a scan runs.
Payment informationHandled directly by Paddle. Trust never stores card numbers or billing details.
Service logsError logs and aggregate usage metrics for debugging and improvement (no IP addresses).

2. How We Use Your Information

  • Providing and personalizing the Service.
  • Storing and displaying your scan history.
  • Managing your subscription and processing payments via Paddle.
  • Sending scheduled scan results and service notifications by email (Pro plan).
  • Diagnosing bugs and improving the Service.

3. Third-Party Services

We share data only with the following sub-processors, to the extent necessary to provide the Service:

Supabase

Database, authentication, and file storage. Servers in the United States.

Paddle

Payment processing and subscription management. Acts as Merchant of Record and manages all billing data directly.

Resend

Transactional email delivery (notifications, scheduled scan results).

Vercel

Frontend hosting and edge delivery.

Google Cloud Run

Backend API hosting in the asia-northeast3 (Seoul) region.

We do not sell your personal data or share it with third parties for marketing purposes.

4. Data Retention

Account informationUntil you request deletion.
Scan history12 months from your last activity.
Payment records5 years, as required by law.
Service logs90 days.

5. Security

We protect your data using HTTPS encryption in transit, Supabase Row Level Security (RLS) to enforce per-user data isolation, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Restrict or object to certain processing.
  • Receive your data in a portable format (JSON export).
  • Withdraw consent (where processing is based on consent).

To exercise any of these rights, email contact@trust-scan.me. We will respond within 7 business days.

7. Cookies and Local Storage

We use essential cookies and browser local storage solely to maintain your authenticated session. We do not use tracking or advertising cookies. We use Vercel Analytics for anonymous, aggregate traffic analysis with no personally identifiable information.

8. Children's Privacy

The Service is not directed to children under 14. If we become aware that we have collected personal information from a child under 14, we will delete it promptly. Contact us at contact@trust-scan.me if you believe this has occurred.

9. International Transfers

Your data may be transferred to and processed in countries outside your own, including the United States. We rely on Supabase's and our sub-processors' data processing agreements to provide appropriate safeguards for such transfers.

10. Changes to This Policy

We will notify you of material changes by email or in-app notice at least 7 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

Questions or requests regarding this policy:

Trust Security

Email: contact@trust-scan.me

Website: trust-scan.me