Privacy Policy

Last Updated: January 2, 2026

At VerWhisker, we believe security tools should not compromise your intellectual property. This Privacy Policy outlines how we handle your data, with a strict focus on data minimization.

1. Data Collection & Usage

The "No Code Storage" Principle

VerWhisker acts as a metadata analyzer. We strictly adhere to the following principles:

  • No Persistent Storage of Code: Scanning is performed locally on your machine (CLI). When you upload results to our Cloud Dashboard, we only receive the scan report, not your source code files.
  • Metadata Only: We store package names, versions, integrity hashes, and vulnerability identifiers. We do not store your proprietary business logic or source code content.
  • Exclusion of Secrets: While VerWhisker may detect potential secrets (e.g., API keys, passwords) locally on your machine, we do not transmit or store the actual content of these secrets on our servers. The Cloud Dashboard only receives a redacted indicator or hash without the secret value itself.
  • Token Security: API tokens are used solely for authentication and authorization. They are stored securely and never logged in plain text.

Personal Information

When you purchase a license or create an account, we collect:

  • Email address (for account identification and login).
  • Payment history (processed securely via Lemon Squeezy; we do not store full credit card numbers).

2. How We Use Your Data

We use the metadata collected to:

  • Generate security reports and dashboards for your account.
  • Verify the integrity of packages against official registries.
  • Improve the accuracy of our vulnerability detection engine.

3. Data Retention

Scan results uploaded to the Cloud Dashboard are retained for the lifetime of your account to provide historical trend analysis. You may request deletion of your account and all associated data at any time by contacting support.

4. Third-Party Services

We utilize the following trusted third-party services:

  • Google Cloud Platform: For hosting our API and database infrastructure.
  • Lemon Squeezy: As our Merchant of Record for payment processing.
  • Cloudflare: For content delivery, caching, and security protection.

5. Cookies and Tracking

We use essential cookies to maintain your login session and secure the application (via Cloudflare). We may also use anonymous analytical cookies to understand product usage patterns. We do not use cookies for advertising purposes.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@verwhisker.com.