Privacy Policy

We do not store your raw source code on our servers. Your repositories remain under your control; RunSec is designed so that full file contents are not persisted in the Hub as part of normal operation.

Code analysis happens locally via the RunSec MCP server in your IDE or CI environment. Only metadata and finding summaries — such as severity, rule identifiers, file paths, line references, and proof-of-concept snippets you choose to include — are synced to RunSec Hub for reporting and collaboration.

All data in transit between your environment and RunSec Hub is protected with TLS encryption. Finding payloads submitted to the Hub are HMAC-sealed so we can detect tampering and verify authenticity of uploaded reports.

We use minimal telemetry to improve scan accuracy and product reliability — for example, aggregate error rates, rule performance signals, and anonymized usage patterns. We do not sell personal data, and we do not use telemetry to reconstruct your source code.

Questions about this policy? Email [email protected].