Privacy Policy

Last updated: November 16, 2025

1. Introduction

SyntaxValid ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our code validation and analysis service.

By using SyntaxValid, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account or authenticate using OAuth providers (Google, GitHub), we collect:

  • Email address
  • Name (if provided)
  • Authentication provider identifier (for OAuth users)
  • Account creation and last login timestamps

2.2 OAuth Data

When you sign in using Google or GitHub OAuth, we receive the following information from the provider:

  • Google: Email address, name, profile picture (if available)
  • GitHub: Email address, username, name (if available)

We only request the minimum necessary scopes to provide our service. We do not access or store your OAuth provider passwords or full account access.

2.3 Code Analysis Data

When you use our code validation service, we process:

  • Code diffs and function blocks (not full repositories)
  • Analysis results and reports
  • Policy configurations
  • Project metadata (names, descriptions)

All code is processed with PII (Personally Identifiable Information) stripping to protect sensitive information.

2.4 Usage Data

We automatically collect information about how you use our service, including API usage, feature usage, and error logs. This data is anonymized and used to improve our service.

3. How We Use Your Information

We use the collected information for:

  • Providing and maintaining our code validation service
  • Authenticating your identity and managing your account
  • Processing code analysis requests and generating reports
  • Communicating with you about your account and service updates
  • Improving our service and developing new features
  • Complying with legal obligations and preventing fraud

4. Data Sharing and Disclosure

4.1 Third-Party Services

We use the following third-party services that may process your data:

  • OpenAI and Anthropic: Code is sent to these services for LLM analysis. Code is not stored by these services and is only used for analysis purposes.
  • OAuth Providers (Google, GitHub): We use these services for authentication only. We do not share your data with them beyond what is necessary for authentication.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication using OAuth 2.0
  • Regular security audits and updates
  • Access controls and authentication requirements

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your personal information
  • Deletion: Request deletion of your account and data through the console settings or by contacting us
  • Data Portability: Request your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing communications (account-related emails will still be sent)

To exercise these rights, please contact us at privacy@syntaxvalid.dev or use the account deletion feature in your dashboard settings.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Analysis results and reports are retained according to your configured retention settings (default: 30 days).

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Cookies and Tracking

We use essential cookies and local storage to:

  • Maintain your authentication session
  • Store your preferences
  • Improve service functionality

We do not use tracking cookies or third-party advertising cookies. You can control cookies through your browser settings.

9. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

SyntaxValid — The AI trust layer for your code