Privacy Commitment

Zero Code Storage Policy

ShieldX is built on a fundamental principle: your code is yours alone. We never store, log, cache, or retain any source code you submit for analysis.

How It Works

When you submit code to any ShieldX scanner, the following process occurs:

1. Submission

Your code is transmitted to our servers via HTTPS (TLS 1.2+). The encrypted payload never touches disk — it goes directly into memory.

2. In-Memory Analysis

Our scanning engines process your code entirely in RAM. Pattern matching, entropy analysis, and vulnerability detection all happen in volatile memory.

3. Results Generation

Scan findings (vulnerability types, line numbers, severity ratings) are compiled into a results object. This object contains NO source code — only metadata about findings.

4. Immediate Disposal

Once results are returned to your browser, the in-memory code buffer is zeroed out and released. No code is written to disk, database, log file, or any persistent storage.

5. Session Delivery

Results are delivered directly to your browser session via HTTPS. We do not retain copies of scan results on our servers.

What We Never Do

  • Store your source code in any database
  • Write code to disk or persistent storage
  • Log code snippets in server logs
  • Cache code for future analysis
  • Share code with any third party
  • Train AI/ML models on your code
  • Create backups containing user code
  • Retain scan results on our servers

What We Do

  • Encrypt all data in transit via TLS 1.2+
  • Process code exclusively in volatile memory
  • Zero-out memory buffers after analysis
  • Return only metadata findings (no code)
  • Enforce HSTS with 1-year minimum max-age
  • Implement SOC 2 Type II security controls
  • Regular third-party security audits
  • GDPR-compliant data handling practices

Third-Party API Calls

The ShieldX Dependency Scanner queries the Google OSV.dev API to check for known vulnerabilities. Here's what's shared:

  • Only package names and version numbers are sent to OSV.dev — never your source code
  • OSV.dev is a public, open-source vulnerability database maintained by Google
  • No authentication tokens, API keys, or proprietary data is included in the request

The API Scanner sends standard HTTP requests to URLs you explicitly provide and analyzes the response headers. It does not access any endpoints you have not specifically submitted.

Common Questions

Can I use ShieldX with proprietary/classified code?

Yes. Since no code is stored or transmitted beyond our secure analysis environment, ShieldX is safe for proprietary, classified, and sensitive source code.

What happens if your server crashes during a scan?

In the unlikely event of a server crash, all in-memory data (including your code) is lost. Since code is never written to disk, there is nothing to recover or leak.

Do you have access to my code during the scan?

The scanning is fully automated. No human has access to your code at any point. Your code exists only in an isolated memory space during the scan.

Can law enforcement or governments request my code?

Since we do not store your code, we have nothing to provide in response to any legal request. We cannot produce what we do not have.

How can I verify this policy?

We welcome security researchers to audit our infrastructure. Contact us for details about our third-party audit reports and security certifications.

Your Code Stays Yours

Start scanning with confidence. ShieldX gives you enterprise-grade security analysis without compromising your intellectual property.