Privacy Policy
Last Updated: December 16, 2025
1. Our Data Architecture (Local Execution)
Vigilcap operates on a "Local-First" architecture.
- Source Code: Your proprietary source code is scanned locally on your device. It
is NOT uploaded to Vigilcap servers.
- Metadata: Only anonymized metadata (file names, complexity scores, dependency
lists) is processed to generate the report.
2. AI Processing & Data Retention
Vigilcap utilizes third-party Large Language Models (LLMs) via API (e.g., OpenAI) to analyze
metadata.
- Zero Training: Your data is NOT used to train AI models.
- Retention: Metadata sent to the API is subject to the retention policies of the
API provider (typically 30 days for abuse monitoring) but is not persisted by Vigilcap.
3. Payment Information
We do not store credit card details. All transactions are processed by secure third-party payment
processors (Stripe).
4. Report Validation
We store a cryptographic hash (HMAC) of generated reports to allow for authenticity verification. We
do not store the full content of the reports unless explicitly authorized for support purposes.