Privacy Policy

Effective May 21, 2026

1. Who we are

Prev-ent ("Prev-ent", "we", "us") is a SaaS tool that scans GitHub repositories for security vulnerabilities in AI-generated code. This policy describes what we collect, how we use it, and your rights.

Operator contact: hello@prev-ent.com.

2. What we collect

Three categories:

  • Account data: your GitHub username, GitHub user ID, profile name, profile image URL, and primary email — supplied by GitHub when you authenticate via OAuth.
  • OAuth access token: an encrypted credential GitHub issues us, scoped to the permissions you granted. We use it only to (a) read your repository file list and contents during a scan, and (b) open a pull request when you explicitly request "Apply fix".
  • Scan metadata + findings: per scan, we save the repo name, branch, file count, timestamps, and the structured vulnerabilities Claude identified (file path, line numbers, the specific snippet flagged, severity, our proposed fix).

We do not store the full source code of your repositories. File contents exist only in memory during the scan and are discarded as soon as Claude returns a response.

3. How we use it

  • To run the security scans you request
  • To show you, and only you, your past scan reports
  • To enforce the freemium scan quota
  • To open a pull request on your repo when you click "Open pull request"
  • To send you account-related emails (account confirmation, security notices). We do not send marketing email unless you opt in.

We do not sell your data. We do not use your code or findings to train AI models. We do not share data with advertisers.

4. Sub-processors we share data with

  • GitHub — for OAuth authentication and repository access.
  • Anthropic (Claude API) — your code snippets are sent in a single API call per scan. Per Anthropic's commercial terms, API data is not used to train models and is retained for a maximum of 30 days for abuse review.
  • Vercel — hosts the application and the Postgres database; standard cloud sub-processor terms apply.

5. Cookies

We use a single session cookie issued by NextAuth (HTTP-only, Secure, SameSite=Lax) to keep you signed in. No third-party tracking cookies. No analytics cookies in V1.

6. How long we keep data

  • Account + scan history: until you delete your account.
  • File contents: never stored. Discarded after the scan.
  • Anthropic-side: max 30 days, per their terms.

7. Your rights

  • Access / export — email us and we'll send you a JSON dump of everything we have about you within 7 days.
  • Delete — email us with the subject "Delete my account" and we will erase your account + all scan history within 7 days.
  • Revoke GitHub access — instant, from github.com/settings/applications.
  • EU residents: you have additional rights under GDPR (rectification, restriction, portability, objection). Contact us to exercise them.
  • California residents: you have rights under the CCPA (right to know, delete, opt-out of sale — though we do not sell data).

8. Security

Everything we store is encrypted at rest (AES-256 via the database provider) and in transit (TLS 1.3). We enforce HSTS, deny framing, and ship a strict Content Security Policy. See our security page for the full technical posture and how to report vulnerabilities.

9. Children

Prev-ent is not intended for users under 13. We do not knowingly collect data from children.

10. Changes to this policy

If we make a material change, we'll email account holders and update the effective date above. Continued use after the effective date constitutes acceptance.

11. Contact

Privacy questions: privacy@prev-ent.com
Security disclosures: security@prev-ent.com
General: hello@prev-ent.com