Privacy Policy
Last updated: April 22, 2026
1. Information We Collect
When you create an account, we collect your name, email address, and profile picture via OAuth (Google or GitHub). We also receive the detection rules you paste into the analyzer and the analysis results we generate for you. We do not collect payment card data directly — payments are processed by Polar.
2. How We Use Your Information
- To create and manage your account
- To issue and manage your API key(s)
- To analyze the detection rules you submit and return quality scores
- To track analysis usage and enforce plan limits
- To send transactional emails: welcome on signup, payment receipts, subscription cancellations, API key rotation alerts, monthly quota warnings, and admin-initiated plan changes
- To send optional monthly usage recaps summarising your detection rule analyses. You can unsubscribe from these at any time using the link in the email or by contacting [email protected]
3. Data We Do Not Collect
We do not sell your data. We do not use your data for advertising. We do not redistribute private detection rules you submit to the analyzer — public library submissions are opt-in only.
4. Usage Data
We store aggregate analysis counts (per month) to enforce plan limits and provide usage statistics in your dashboard. These counters are stored in our database alongside minimal metadata (rule format, score, timestamp) and are linked to your account.
5. Cookies
We use a single session cookie for authentication. No third-party tracking cookies are used.
6. Third-Party Services (Subprocessors)
We use the following third parties to operate the Service. Each is subject to its own privacy policy and, where applicable, a Data Processing Agreement.
- Google / GitHub OAuth — authentication (email, name, profile image)
- Polar — payment processing. We do not receive or store your card details; only customer and subscription IDs are kept on our side
- Resend — transactional and notification email delivery. Your email address, name, and the content of emails we send you are transmitted through Resend. Their DPA: resend.com/legal/dpa
- Cloudflare — DNS and edge proxy for detectionlint.org
- Render — application hosting
- Neon — managed PostgreSQL database (EU region)
7. Data Retention
We retain your account data for as long as your account is active. When your account is deleted, your personal data (user record, API keys, submitted rules, analysis results, usage history) is permanently removed from our database immediately. Email metadata held by our email provider (Resend) is retained according to their retention policy.
8. Email Communications
Transactional emails about your account (welcome, payment receipts, security notices, plan changes) are necessary for operating the Service and cannot be disabled without closing your account. Non-transactional emails (currently only the optional monthly usage recap) include an unsubscribe link in every message; you can also email [email protected] to opt out.
9. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting [email protected].
10. Security
All data is transmitted over HTTPS. API keys are stored as truncated display values only — the full key is shown once at creation and is not recoverable.
11. Contact
Privacy questions: [email protected]