Security and data handling
How ALGIS handles your code, what data we store, and how we protect it.
Privacy by design
Security tools that leak your code are counterproductive. ALGIS is built on the premise that your code is sensitive and should not be stored, shared, or used for any purpose beyond generating your scan report.
AI analysis runs on Anthropic Fable 5 via the Anthropic API
The deep analysis layer that writes explanations and fix code runs on Anthropic Fable 5, Anthropic's newest model, via the Anthropic API. Anthropic's API terms prohibit training on API-submitted content. Your code is never used to train or improve any model.
A faster Anthropic tier handles the triage layer. Both AI layers receive only the confirmed finding and its surrounding code context, not your full codebase. External non-AI tools (secret-pattern matching, Semgrep, CVE lookup) run the deterministic Layer 1 scan with no AI involvement.
Ephemeral scans by default
Your code is loaded into memory, scanned, and the report is generated. The raw source code is never written to persistent storage and is deleted from memory when the scan completes.
This is a core architectural commitment, enforced at the infrastructure level. The optional 'save report' feature stores only the findings and severity data, never the source code itself.
Your code is never used for AI training
The AI layers in the scan pipeline process your code solely to generate your report. Your code is not stored, indexed, or used to fine-tune, train, or improve any AI model.
This applies to all AI providers used in the pipeline. Anthropic's API terms already prohibit training on API-submitted content. This commitment is enforced contractually and architecturally.
Your code never leaves the scan context
Each scan runs in an isolated context. Code from one scan cannot be accessed by another scan, another user, or any part of the system outside the active scan pipeline.
Encryption
Data in transit and at rest is encrypted.
Encryption in transit
All data transmitted between your browser and the API is encrypted with TLS 1.2 or higher. HTTP connections are rejected or redirected to HTTPS.
Encryption at rest
Any data persisted to storage (account data, saved reports) is encrypted at rest using AES-256.
Access controls
Least-privilege isolation, audit logging, and secure credential handling.
Least-privilege access
Internal services access only the data they need for their specific function. The scan worker has no access to account data; the account service has no access to scan payloads.
Audit logging
All access to user data and scan results is logged with timestamps, actor identity, and action type. Logs are retained for 90 days and stored separately from application data.
API keys handled securely
API keys are hashed before storage. The plaintext key is shown once at creation and never stored or retrievable again.
Safe payments
No card details stored. Payments are settled in USDC stablecoin via x402.
No card details stored. Stablecoin settlement via x402.
Payments use the x402 protocol: you pay in USDC stablecoin from your own self-custody wallet. No credit card number, billing address, or card token is ever stored. There are no chargebacks and no third-party payment processor holding your card data.
When a scan request exceeds the free tier, the API returns a standard 402 Payment Required response with the amount and recipient. Your client settles in USDC and retries with proof of payment. The scan runs. This flow is HTTP-native and does not require a payment account or signup.
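The flow above, simulated end to end as an added example (not ALGIS's own code): a pay-per-scan API that answers with 402 when the free tier is used up, and a client that settles and retries with proof. The free-tier quota, price, recipient, proof format, the in-memory ledger standing in for USDC settlement and the header name `X-Payment` are all assumptions made for the simulation; the server also refuses a proof that has already been redeemed, so one payment cannot buy two scans.

```python
import secrets

FREE_SCANS = 1                         # assumed free-tier quota per client
PRICE_USDC = "0.05"                    # assumed per-scan price
RECIPIENT = "0xRECIPIENT_PLACEHOLDER"  # placeholder, not a real address
PAYMENT_HEADER = "X-Payment"           # assumed name of the proof header


def scan(code):
    """Stand-in for the Layer 1 scan: flags lines that look like a hardcoded key."""
    return [n for n, line in enumerate(code.splitlines(), 1) if "api_key=" in line]


class Ledger:
    """Stand-in for on-chain settlement: transfer id -> (amount, recipient)."""
    def __init__(self):
        self.transfers = {}

    def pay(self, amount, recipient):
        tx = secrets.token_hex(8)
        self.transfers[tx] = (amount, recipient)
        return tx


class ScanApi:
    def __init__(self, ledger):
        self.ledger = ledger
        self.free_used = {}
        self.redeemed = set()  # proofs already spent, so a proof cannot pay twice

    def handle(self, client_id, code, headers):
        if self.free_used.get(client_id, 0) < FREE_SCANS:
            self.free_used[client_id] = self.free_used.get(client_id, 0) + 1
            return 200, {"findings": scan(code)}
        challenge = {"amount": PRICE_USDC, "currency": "USDC", "recipient": RECIPIENT}
        proof = headers.get(PAYMENT_HEADER)
        # Accept only a transfer that exists, paid the exact amount to us, and is unused.
        if (proof is None or proof in self.redeemed
                or self.ledger.transfers.get(proof) != (PRICE_USDC, RECIPIENT)):
            return 402, challenge
        self.redeemed.add(proof)
        return 200, {"findings": scan(code)}


def run_scan(api, ledger, client_id, code):
    """Client side: request, settle on 402, retry once with the proof."""
    status, body = api.handle(client_id, code, {})
    if status == 402:
        proof = ledger.pay(body["amount"], body["recipient"])
        status, body = api.handle(client_id, code, {PAYMENT_HEADER: proof})
    return status, body
```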
Compliance
How we align with industry standards and data-protection regulations.
SOC 2 controls
We operate on SOC 2 security, availability, and confidentiality controls across the platform.
GDPR Compliant
Data subject rights, lawful basis for processing, and DPA agreements with sub-processors. Our privacy policy and data handling follow GDPR.
CCPA
California Consumer Privacy Act. Right to know, right to delete, and opt-out of sale. No personal data is sold.
Report a vulnerability
If you believe you have found a security vulnerability in the product, please report it responsibly. We take all reports seriously and will respond promptly.
How to report
1. Send a description of the vulnerability to the security email address below.
2. Include steps to reproduce, the potential impact, and your contact information.
3. We will acknowledge your report within 2 business days.
4. We will keep you informed as we investigate and address the issue.
5. We will not take legal action against researchers who report in good faith.
Safe harbor
We ask that you do not publicly disclose the issue until we have had a reasonable time to investigate and release a fix. We aim to resolve critical issues within 14 days.
Security contact
security@algis.security