1. Data We Collect
We collect the following information when you use RouicScan:
- Account information: Name, email address, and organization name provided during registration.
- Source code: Code you submit for analysis, which is processed transiently and not stored beyond the scan lifecycle.
- Analysis results: Findings, metrics, and quality ratings generated from scans.
- Usage data: Pages visited, features used, and interaction patterns to improve the Service.
- Authentication tokens: OAuth tokens for Git provider integrations (GitHub, GitLab, Bitbucket).
2. How We Use Your Data
- Provide, maintain, and improve the RouicScan service.
- Run static analysis and AI-powered code reviews on your repositories.
- Generate quality metrics, dashboards, and trend reports.
- Send notifications about scan results, security alerts, and service updates.
- Diagnose technical issues and improve the accuracy of our analysis engines.
3. Data Storage and Security
Your data is hosted on Google Cloud Platform (GCP) infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Database backups are encrypted and retained for 30 days. We conduct regular security reviews and follow industry best practices for data protection.
4. Third-Party Services
We use the following categories of third-party services:
- AI analysis providers: Code snippets may be sent to AI providers (e.g., Anthropic, OpenAI) for analysis. Snippets are anonymized -- project names, file paths, and identifying information are stripped before transmission. We do not allow AI providers to train on your code.
- Git hosting providers: We integrate with GitHub, GitLab, and Bitbucket using OAuth to access repositories you explicitly authorize.
- Infrastructure: Google Cloud Platform for hosting and data storage.
5. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Export: Download your analysis results and account data in a machine-readable format.
- Correction: Update or correct inaccurate personal information.
- Deletion: Request deletion of your account and associated data. We will process deletion requests within 30 days.
- Portability: Transfer your data to another service.
To exercise any of these rights, contact us at privacy@rouic.com.
6. Data Retention
We retain your account data for as long as your account is active. Analysis results are retained for 12 months unless you request earlier deletion. Source code submitted for scanning is processed in memory and is not persisted to disk after scan completion.
7. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice within the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
8. Contact
For privacy-related questions or requests, contact us at privacy@rouic.com.