Privacy Policy

Last updated: March 2026

1. Information We Collect

  • Account data: Email address and encrypted password (via Supabase Auth)
  • Audit data: Solidity source code or contract addresses you submit for scanning
  • Usage data: Number of scans, scan types, timestamps
  • Billing data: Subscription status managed by Stripe — we do not store card numbers

2. How We Use Your Data

  • To provide and improve the scanning service
  • To send audit result notifications via email
  • To enforce rate limits and tier quotas
  • To process payments and manage subscriptions

We do not sell your data to third parties. We do not use your submitted contract code for AI training.

3. Data Storage

Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure in the EU region. Audit results are retained for 90 days by default. You can delete your audits at any time from the dashboard.

4. Third-Party Services

  • Supabase — database and authentication
  • Stripe — payment processing
  • OpenRouter / Anthropic — AI analysis (contract code is sent for analysis)
  • Resend — transactional email delivery
  • Etherscan — fetching verified on-chain contract source

5. Shared Reports

If you generate a public share link for an audit, that report becomes accessible to anyone with the link. You can revoke sharing at any time from the audit page.

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to processing or request restriction
  • Request data portability

To exercise these rights, email privacy@contractauditor.app

7. Cookies

We use only functional cookies required for authentication (session tokens stored in localStorage). We do not use tracking or advertising cookies.

8. Contact

Privacy questions: privacy@contractauditor.app