Privacy Policy

Last updated: November 3, 2025

Our Privacy Commitment

At Alprina, we believe your code is your most valuable asset. We've built our platform with privacy at its core—your source code never leaves your infrastructure unless you explicitly choose remote scanning, and even then, it's encrypted end-to-end.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Company name (optional)
  • Billing information (processed by our payment provider)

Usage Information

We collect anonymized usage data to improve our service:

  • Number of scans performed
  • Types of vulnerabilities detected (not specific code)
  • CLI version and operating system
  • Feature usage patterns
  • Error logs (without sensitive data)

What We DON'T Collect

  • Your source code (for local scans)
  • File names or directory structures (unless remote scan)
  • Environment variables or secrets
  • Personally identifiable information from your code

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Alprina service
  • Send you security scan results and reports
  • Improve our vulnerability detection algorithms
  • Communicate important service updates
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We will never sell your data to third parties. Ever.

3. Data Storage and Security

Local Scans

For local scans (default mode), all processing happens on your machine. Your code never leaves your infrastructure. Only anonymized metadata about vulnerabilities found is transmitted.

Remote Scans

If you opt-in to remote scanning:

  • Code is encrypted end-to-end during transmission
  • Processed in isolated, ephemeral containers
  • Deleted immediately after scan completion
  • Never stored on disk or in databases
  • Only scan results are retained

Security Measures

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • SOC 2 Type II compliant infrastructure
  • Multi-factor authentication support
  • Role-based access controls

4. Data Retention

We retain different types of data for different periods:

  • Account data: Until you delete your account
  • Scan results: 90 days (configurable per plan)
  • Usage statistics: Anonymized and retained indefinitely
  • Source code: Never stored (remote scans processed in memory only)
  • Billing records: As required by law (typically 7 years)

You can request deletion of your data at any time by contacting privacy@alprina.com.

5. Third-Party Services

We use carefully selected third-party services:

  • Payment processing: Stripe (PCI-DSS compliant)
  • Infrastructure: AWS (SOC 2 compliant)
  • Analytics: Anonymized usage data only
  • Email: SendGrid (for transactional emails)

These services have access only to the minimum data necessary to perform their functions and are bound by strict confidentiality agreements.

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Export: Download your scan results in portable formats
  • Opt-out: Unsubscribe from marketing emails
  • Object: Object to certain data processing

To exercise any of these rights, contact privacy@alprina.com. We'll respond within 30 days.

7. Cookies and Tracking

We use minimal cookies and tracking:

  • Essential cookies: Authentication and session management
  • Analytics: Anonymized usage statistics (can be disabled)
  • No advertising cookies: We don't use advertising trackers

You can control cookie preferences in your browser settings. The CLI does not use cookies.

8. International Data Transfers

Alprina operates globally. Your data may be processed in countries where we or our service providers operate. We ensure appropriate safeguards are in place for international transfers:

  • EU Standard Contractual Clauses (SCCs)
  • GDPR compliance for EU users
  • CCPA compliance for California users
  • Data residency options for enterprise customers

9. Children's Privacy

Alprina is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • CLI notification on next use

Continued use of Alprina after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices:

  • Email: privacy@alprina.com
  • Data Protection Officer: dpo@alprina.com
  • Website: https://alprina.com/contact

For EU users, you also have the right to lodge a complaint with your local data protection authority.

GDPR Compliant

Full compliance with European data protection regulations

SOC 2 Type II

Independently audited security and availability controls