Privacy Policy

Effective Date: January 1, 2026

1. Introduction

AR Data Intelligence Solutions Inc. ("Company," "we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use AR Code Scan at codescan.ardata.tech (the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Create an Account: Email address, name (optional), and authentication credentials
  • Connect Third-Party Accounts: OAuth tokens and associated profile information from GitHub or other platforms
  • Contact Us: Name, email address, and any information you include in your communications
  • Submit Code for Scanning: Repository URLs and access tokens for private repositories

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect:

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages viewed, features used, scan history, timestamps, and referring URLs
  • Log Data: Server logs, error reports, and performance metrics
  • Cookies and Similar Technologies: Session cookies, authentication tokens, and analytics identifiers

2.3 Repository and Code Data

When you initiate a scan, we access the following from your repositories:

  • Source code files and their contents
  • Repository structure, file paths, and metadata
  • Commit information and branch names

Important Notice Regarding Code Data: Your source code is processed in memory for analysis purposes only and is NOT permanently stored on our servers. Only scan results (vulnerability reports, recommendations, and relevant code snippets for context) are retained. We do not claim any ownership rights to your code.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • To provide, operate, and maintain the Service
  • To analyze your code for security vulnerabilities and quality issues
  • To generate reports and actionable recommendations
  • To process transactions and manage your account

3.2 Communication

  • To send service-related notifications and updates
  • To respond to your inquiries and support requests
  • To send marketing communications (with your consent, where required)

3.3 Improvement and Analytics

  • To improve our analysis algorithms and service quality
  • To understand usage patterns and optimize user experience
  • To develop new features and services

3.4 Legal and Security

  • To detect, prevent, and address fraud, abuse, or security issues
  • To comply with legal obligations and enforce our terms
  • To protect the rights, property, and safety of our users and the public

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligation: Processing necessary to comply with applicable laws

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Cloud Infrastructure: Vercel, Supabase (hosting and database services)
  • AI Analysis: Anthropic (Claude AI for code analysis)
  • Payment Processing: Stripe (for paid services)
  • Email Delivery: For transactional and notification emails

These providers are contractually obligated to protect your information and may only use it for the purposes specified.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

  • Court orders, subpoenas, or other legal process
  • Requests from law enforcement or government authorities
  • To protect our rights, property, or safety, or that of our users or the public

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest
  • Secure authentication mechanisms (OAuth 2.0)
  • Regular security assessments and monitoring
  • Access controls and audit logging
  • Employee training on data protection

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Data: Retained until you delete your account, plus a reasonable period for backup and legal compliance
  • Scan Results: Retained for as long as your account is active
  • Source Code: NOT stored; processed in memory only during analysis
  • Usage Logs: Retained for up to 90 days for operational purposes
  • Payment Records: Retained as required by tax and accounting laws

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal requirements
  • Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at alvin@ardata.tech. We will respond to your request within 30 days (or as required by applicable law).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by relevant authorities
  • Data processing agreements with service providers
  • Compliance with applicable data transfer frameworks

10. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: To understand how you use the Service and improve it
  • Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at alvin@ardata.tech.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated policy on this page with a new effective date
  • Sending you an email notification (for material changes)

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

AR Data Intelligence Solutions Inc.

Data Protection Inquiries

Email: alvin@ardata.tech

Website: ardata.tech

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.