Privacy Policy

Last updated: March 24, 2026

1. What we collect

Free CLI (local scanning only):

• Basic anonymous usage stats (CLI version, operating system, terminal). We do not collect URLs, package names, or source code.

Cloud tier:

• The registry and package names you check, so we can prioritize the packages our users care about. We never store your source code.
• Basic anonymous usage stats (CLI version, operating system, terminal).
• Your account email and billing information.

2. How we use your data

Lookups help us prioritize which packages to audit deeply and which to revisit as new versions are published. We do not sell your data. We may publish aggregated, anonymized statistics (e.g. "the top 100 packages checked this week").

3. Data retention

• Audit results for public packages from npm and PyPI are cached indefinitely so repeat lookups are fast and free. These audits are not tied to any individual user.
• Lookup events (which packages you checked) are retained for the duration of your subscription.
• Account and billing data is retained for the duration of your subscription.
• You can request deletion of your personal data at any time by contacting us.

4. Third parties

We use Stripe for payment processing. We do not share your data with any other third parties except as required by law.

5. Cookies

The Bouncer website uses only essential cookies for authentication. We do not use tracking or advertising cookies.

6. Your rights

You can request access to, correction of, or deletion of your personal data at any time. Contact us at privacy@bouncer.sh.

7. Changes

We may update this policy. Material changes will be communicated via email to Cloud subscribers.