Privacy Policy
Last updated: 2 June 2026
This Privacy Policy explains how VaultScan handles information when you use the website and the security-analysis service (the “Service”). VaultScan is operated by Omniselect di Nicola Alessi, VAT IT13233920969 (the “data controller”, “we”, “us”). For any privacy request you can contact us at omniselect.ita@gmail.com.
No cookies, cookieless analytics
VaultScan does not use cookies. We set no advertising, profiling, or cross-site tracking cookies of our own. For aggregate, privacy-friendly usage statistics we use Litlyx, a cookieless analytics tool that does not store cookies on your device and does not build advertising profiles. It records anonymous events (such as page views and button clicks) so we can understand how the site is used and improve it.
Because we use no cookies, no cookie-consent banner is required for our own technologies. Third-party services you are redirected to (for example Stripe during checkout) operate under their own policies.
What we collect and why
- Your email address — provided at upload, used solely to deliver your security report and related service messages.
- Your uploaded project (ZIP) — stored temporarily in encrypted object storage only for as long as the analysis takes, then deleted. We never read your source code for any purpose other than producing your report, and we never persist it.
- Scan metadata — file count, pricing tier, job status and the final report. Used to operate the Service and let you retrieve your report.
- Anonymous usage analytics — cookieless events via Litlyx, as described above.
- Payment information — handled entirely by Stripe. We never receive or store your card details.
Service providers (processors)
We rely on a small set of vendors to run the Service. Each processes data only as needed:
- Stripe — payment processing.
- Cloudflare R2 — temporary, encrypted storage of your upload.
- Supabase — database for job metadata and reports.
- Anthropic — AI models that perform the security analysis.
- Resend — delivery of your report email.
- Litlyx — cookieless, aggregate analytics.
Some providers may process data outside the EU/EEA; where that happens it is covered by appropriate safeguards (such as Standard Contractual Clauses).
Legal bases (GDPR)
We process your email and upload to perform our contract with you (delivering the scan you requested). We process anonymous analytics on the basis of our legitimate interest in understanding and improving the Service.
Retention
Your uploaded source code is deleted as soon as the analysis completes. The security report and minimal job metadata may be retained for up to 30 days so you can retrieve the report, after which they can be deleted. You may request deletion at any time.
Your rights
Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, and to object to processing. To exercise any right, email omniselect.ita@gmail.com with your scan ID. You also have the right to lodge a complaint with your local data protection authority (in Italy, the Garante per la protezione dei dati personali).
Changes
We may update this policy as the Service evolves. Material changes will be reflected by updating the “last updated” date above.