Privacy Policy

1. Data Controller

The data controller is Traflix, based in Italy. For any privacy-related inquiries, contact us at support@traflix.dev.

2. Data We Collect

Account Information

When you create an account, we collect your email address. If you sign up via a third-party provider, we also collect your name and avatar URL. Passwords are handled entirely by our authentication provider and are never stored in our database.

Scan Data

When you submit a scan, we collect the URL or repository URL you provide. For URL scans, we fetch the page content, HTTP headers, JavaScript bundles, and probe common endpoints. For repository scans, we access the codebase, file tree, and metadata you authorise us to scan.

Cookies

We set a single authentication cookie managed by our authentication provider to keep you logged in. This is a strictly necessary cookie. We do not use tracking cookies, analytics cookies, or any third-party cookies. A cookie consent banner allows you to accept or reject non-essential cookies — your choice is stored in localStorage.

3. How We Use Your Data

We use your data solely to provide and improve the Service:

  • Authenticate you and manage your account
  • Process scan requests and generate audit reports
  • Enforce usage limits based on your subscription plan
  • Improve scan accuracy by analyzing aggregate, anonymized patterns

We do not sell your personal data. We do not use your data for advertising or profiling.

4. Data We Do NOT Collect

  • IP addresses
  • Browser fingerprints or user agent strings
  • Geolocation data
  • Payment or financial information (no payment processor is integrated yet)
  • Session recordings or heatmaps

6. Analytics

We use Vercel Analytics and plan to use PostHog to analyze traffic patterns and improve the Service. These services are privacy-friendly and do not track you across websites. No personally identifiable information is collected through analytics.

7. Data Retention

Your data is retained for as long as your account is active. You can delete individual scan reports from your dashboard at any time — deleted report data is permanently removed. If you delete your account, all associated data (profiles, scans, reports, usage limits) is permanently deleted via database cascade.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access all personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Restrict or object to processing
  • Data portability

To exercise these rights, contact us at support@traflix.dev.

9. Payments

Payment data (such as card details) is handled directly by our payment processor and is never stored on DeepScan AI servers. We only retain your subscription plan and billing history.

10. Security

We implement industry-standard security measures including encrypted connections (HTTPS), secure session management, and database-level access controls to ensure users can only access their own data. However, no system is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or through the Service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, contact us at support@traflix.dev.