Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Password (encrypted)
• Account creation date

1.2 SBOM Files

When you upload SBOM files for analysis:

• We temporarily process the file contents to perform EOL checks
• SBOM files are not stored after processing
• Only aggregated usage statistics are retained

1.3 Usage Data

We collect basic usage information:

• API request timestamps
• Request counts and success/failure status
• IP addresses (for rate limiting and security)

2. How We Use Your Information

We use collected information to:

• Provide SBOM EOL checking services
• Manage your account and API keys
• Monitor API usage and enforce rate limits
• Prevent abuse and ensure service security
• Communicate service updates and important notices

3. Data Storage and Security

3.1 Data Storage

• Account data is stored in a secure PostgreSQL database
• Passwords are encrypted using bcrypt
• Database connections use SSL/TLS encryption

3.2 SBOM File Processing

• SBOM files are processed in memory only
• Files are never saved to disk or database
• Processing is completed within seconds

3.3 API Keys

• API keys are stored securely in the database
• Keys are only shown once upon creation
• You can revoke keys at any time from the dashboard

4. Third-Party Services

4.1 EOL Data

We retrieve end-of-life data from endoflife.date, a public API service. No user data is shared with this service.

4.2 Google OAuth (Optional)

If you choose to sign in with Google:

• We receive your email address and basic profile information
• This is governed by Google's privacy policy
• You can disconnect Google access at any time

4.3 reCAPTCHA (Optional)

We may use Google reCAPTCHA v3 to prevent abuse:

• Subject to Google's privacy policy
• Used only during registration and sensitive operations

5. Data Retention

• Account Data: Retained while your account is active
• Usage Statistics: Retained for up to 90 days
• SBOM Files: Not retained (processed in memory only)
• Logs: Retained for up to 30 days for security and debugging

6. Your Rights

You have the right to:

• Access: View your account data and usage statistics
• Correction: Update your email address or password
• Deletion: Request account deletion (contact us)
• Export: Request a copy of your data
• Revoke: Delete API keys at any time

7. Cookies and Tracking

We use minimal cookies for:

• Session management (required for login)
• Security (CSRF protection)

We do not use tracking cookies or third-party analytics.

8. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

• When required by law or legal process
• To protect our rights or prevent fraud
• With your explicit consent

9. Children's Privacy

Our service is not directed at children under 13. We do not knowingly collect information from children under 13.

10. International Users

Our service is hosted on Microsoft Azure. By using our service, you consent to the transfer and processing of your data in accordance with this privacy policy.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service constitutes acceptance of any changes.

12. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, please contact us at [email protected] or through the dashboard.