Privacy Policy

Last updated: March 25, 2026

Short version: We collect minimal data. Your smart contract source code is never stored. We do not sell or share your data for advertising.

Applicable Privacy Frameworks

This policy is designed to comply with:

  • Korean PIPA (Personal Information Protection Act) — as the operator is registered in the Republic of Korea
  • EU GDPR — for users accessing the Service from within the European Economic Area. Where GDPR applies, you have rights of access, rectification, erasure, restriction, portability, and objection
  • California CCPA — for California residents, we do not sell personal information as defined under CCPA

Data We Collect

  • Session identifiers — anonymous, cookie-based, used to track free scan quota per browser session
  • Scan usage statistics — count and timestamps, aggregated and anonymized
  • IP address — used for rate limiting only; not stored beyond the immediate request window
  • Payment information — processed entirely by LemonSqueezy; we receive only a license key and subscription status, not card details

Data We Do NOT Collect

  • Smart contract source code — processed ephemerally and deleted after each scan; never stored, logged, or used for training
  • Personal identification — we do not require name, email, or any identifying information to use the Service (email is only collected if you contact us directly)
  • API keys (BYOK) — single-use only, never stored

Data Retention

  • Session data: retained for the duration of the browser session; expires on cookie expiry
  • Aggregated scan statistics: retained indefinitely in anonymized form for service improvement
  • Payment records: retained as required by Korean tax law (generally 5 years)
  • IP rate-limiting data: not retained beyond the request window

Third-Party Services & Data Transfers

  • LemonSqueezy — payment processing; governed by their privacy policy; data may be stored in the United States
  • Anthropic Claude API / Google Gemini API — your code is sent to these providers solely for analysis under their enterprise API terms; it is not used for model training and is subject to their respective privacy policies. These services may process data outside Korea

Where data is transferred outside the Republic of Korea or the EEA, we rely on the relevant provider's standard contractual clauses or adequacy decisions as the legal transfer mechanism.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete any personal data we hold about you. Because we collect minimal identifiable data, most requests can be satisfied by clearing your browser cookies. For other requests, contact us at the address below.

Contact

For privacy-related inquiries or to exercise your data rights, please use one of the following:

We aim to respond within 30 days.