Privacy
Last updated: 2026-04-29 — placeholder. The final policy ships with v1.0 launch and will be reviewed by counsel.
What we collect
- Account email + name (when you create an account — not required to use the free local extension)
- Scan input (URL, repo URL, commit SHA, diff) — only when cloud scan is opted in
- Detection output (DOM analysis only — no end-user PII from scanned sites; PII from sources is redacted via Patent A IC8 before any LLM call)
- Anonymous product analytics via self-hosted PostHog (analytics.reverter.ai, hosted in EU) — opt-in only; records crash + activation events, never source code or scan results
What we don't collect
- End-user PII from sites you scan — redacted by IC8 layer
- Source code outside the lines flagged by detection rules
- Third-party trackers or ad networks
- VS Code editor contents from non-flagged files
Where it lives
All scan data and audit logs are stored in the EU (eu-north-1 / Hetzner FSN1). Default retention is 30 days; the Enterprise tier retains data for 7 years to meet EU AI Act audit-trail requirements. The self-host LLM option keeps inference on customer infrastructure for sovereign-EU customers.
PII-safe LLM preprocessing
Per Patent A IC8: every cloud LLM call passes through a Microsoft Presidio + spaCy NER preprocessor that swaps PII for type-preserving placeholders ([NAME_1], [EMAIL_1], [ADDRESS_1]) before transmission, then restores the original values on response. Round-trip non-PII byte-diff is zero by construction; the audit log records { prompt_redacted, restored_count, leakage_check } per call.
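The redact/restore round trip described above, as an added example that is not Reverter's code: regex stand-ins replace the Presidio + spaCy detectors so it runs offline. The function names, the sample names and the leakage-check semantics (no detected value may remain in any letter case) are assumptions.

```python
import re

# Assumption: regex stand-ins for the Presidio + spaCy detectors, so this runs offline.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "NAME": re.compile(r"\b(?:Alice Jensen|Bob Lind)\b"),  # constructed sample names
}
PLACEHOLDER = re.compile(r"\[(?:NAME|EMAIL|ADDRESS)_\d+\]")

def redact(text):
    """Swap each distinct PII value for a typed, numbered placeholder."""
    mapping = {}  # placeholder -> original value
    for kind, pattern in DETECTORS.items():
        seen = {}  # original value -> placeholder, so repeats share one token
        def swap(m, kind=kind, seen=seen):
            value = m.group(0)
            if value not in seen:
                seen[value] = f"[{kind}_{len(seen) + 1}]"
                mapping[seen[value]] = value
            return seen[value]
        text = pattern.sub(swap, text)
    return text, mapping

def restore(text, mapping):
    """Put original values back and count the placeholders restored."""
    count = 0
    def back(m):
        nonlocal count
        if m.group(0) not in mapping:
            return m.group(0)  # placeholder the model invented: leave as-is
        count += 1
        return mapping[m.group(0)]
    return PLACEHOLDER.sub(back, text), count

def guarded_call(prompt, llm):
    """Redact, verify, call the model, restore; return (response, audit record)."""
    redacted, mapping = redact(prompt)
    # Leakage check (assumed semantics): no detected value may survive in any
    # letter case, which catches variants the detector itself missed.
    leaked = any(v.lower() in redacted.lower() for v in mapping.values())
    audit = {"prompt_redacted": redacted, "restored_count": 0,
             "leakage_check": "fail" if leaked else "pass"}
    if leaked:
        audit["prompt_redacted"] = None  # do not log text that still holds PII
        return None, audit  # block transmission; nothing leaves the host
    response, audit["restored_count"] = restore(llm(redacted), mapping)
    return response, audit
```

With an echoing model the restored response is byte-identical to the prompt, and a prompt containing an undetected case variant of a known name is blocked before the model is called.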
Questions: privacy@reverter.ai.