Compliance

Odin Scan is committed to protecting user data and operating in compliance with applicable privacy regulations and platform agreements.

Odin Scan complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area:

Data minimization: Odin Scan collects only the data necessary to perform security analysis. Source code is processed for analysis purposes and retained according to your subscription plan.
Right to access: You can request a copy of all personal data Odin Scan holds about you through Settings > Account > Data Management or by contacting support.
Right to deletion: You can request deletion of your account and all associated data. Deletion requests are processed within 30 days.
Data portability: Analysis results and findings can be exported in standard formats (JSON, SARIF) from the dashboard.
Legal basis: Data processing is performed under the legal basis of contract performance (providing the scanning service you subscribed to).

CCPA

Odin Scan complies with the California Consumer Privacy Act (CCPA) for California residents:

Right to know: You can request disclosure of the categories and specific pieces of personal information collected about you.
Right to delete: You can request deletion of your personal information, subject to applicable exceptions.
Right to opt-out: Odin Scan does not sell personal information to third parties.
Non-discrimination: Exercising your CCPA rights does not result in different pricing or service levels.

Odin Scan complies with the GitHub Marketplace Developer Agreement, including:

Odin Scan processes source code solely for the purpose of security analysis. Code is not used for:

Training AI models
Sharing with third parties beyond the AI model providers required to perform the scan
Marketing or advertising purposes

For compliance inquiries, data access requests, or privacy concerns:

Email: support@odinscan.ai
Response time: Requests are acknowledged within 5 business days and fulfilled within 30 days.