Privacy Policy
Version: 2026-06-10
1. Who We Are
WeCipher provides automated application security scanning and reporting tools. This Privacy Policy explains how we collect, use, store, and protect information when you use Cipher.
2. Information We Collect
Contact and billing information, including your email address and payment-related metadata from our payment processor.
Scan information, including the application URL, app or company name, uploaded logo, selected plan, scan status, access code, findings, scores, reports, risk registers, and remediation history.
Optional authentication information you provide for authenticated scans, including login URL, persona names, usernames, and encrypted passwords.
Technical and security information, including IP address, device/browser details, request timestamps, rate-limit events, logs, scanner output, and error diagnostics.
3. How We Use Information
To create, run, monitor, and deliver security scans, PDF reports, and risk registers.
To verify authorization, prevent abuse, enforce rate limits, secure downloads, process payments, send report emails, and provide support.
To improve the accuracy, reliability, security, and performance of Cipher.
4. Sensitive Scan Data
Security findings, evidence, credentials, and reports may contain sensitive information about your application. We handle this information as confidential operational data and restrict access to systems and personnel who need it to provide the service.
You should only submit credentials created specifically for testing. Do not submit production administrator credentials unless you understand and accept the risk.
5. Sharing and Processors
We do not sell your personal information. We may share information with service providers that help us operate Cipher, such as hosting, database, payment, email, logging, storage, scanner, and AI/report-generation providers.
We may disclose information if required by law, to enforce our Terms, to investigate abuse, or to protect WeCipher, customers, or third parties.
6. Retention
We keep scan records, reports, risk registers, access-code history, and operational logs for as long as needed to provide dashboard access, support remediation, meet legal obligations, prevent fraud, and improve the service.
You may request deletion of your information by contacting us. Some records may be retained where required for security, legal, payment, audit, or abuse-prevention reasons.
7. Security
We use administrative, technical, and organizational safeguards such as access controls, encrypted credential storage, private report downloads, rate limiting, and scanner target restrictions.
No system is perfectly secure. You are responsible for ensuring that any credentials or test accounts you provide are scoped appropriately and can be rotated or revoked.
8. Your Choices and Rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal information.
To make a privacy request, contact info@usewecipher.com. We may need to verify your identity before acting on a request.
9. International Transfers
Your information may be processed in countries other than your own by WeCipher and our service providers. Those countries may have different data protection laws.
10. Changes
We may update this Privacy Policy as Cipher evolves. The version shown on this page is the version you accept when creating a scan.
Questions? Contact info@usewecipher.com.