Privacy Policy

1. Information We Collect

We collect the following information to provide and improve our services:

• Uploaded smart contract source code — submitted for scanning purposes only
• License key and machine fingerprint — used for license validation and activation management
• Payment information — processed by Stripe; we never see or store your card details
• OpenAI API key — stored locally on the server if entered via Settings, used only to call OpenAI on your behalf

2. How We Use Your Data

• Uploaded code is analyzed in-memory and is not stored permanently after the scan completes
• License validation sends only: your license key, machine fingerprint, product version, and timestamp
• No source code, audit results, or personal data is transmitted to third parties
• OpenAI API keys are stored locally in an encrypted environment file and used only to call OpenAI on your behalf

3. Data Retention

• Scan results are available for download during your session and deleted afterward
• License activation records are retained for subscription management
• Payment records are managed by Stripe per their privacy policy

4. Third-Party Services

We use the following third-party services that may collect information as described in their respective privacy policies:

• Stripe (payment processing) — stripe.com/privacy
• OpenAI (AI Copilot, if configured by user) — openai.com/privacy

5. Your Rights

• You may request deletion of your data at any time
• You may request that your license activations be cleared
• Contact us: support@garrisonsec.com

6. Updates to This Policy

We may update this Privacy Policy from time to time. We will provide at least 30 days' notice before any material changes take effect. Continued use of Garrison Engine after changes become effective constitutes acceptance of the updated policy.