Privacy Policy
Your privacy is important to us. This statement explains our privacy protocols, data minimization policy, and how public package metadata is analyzed.
1. Visitor Data Minimization
The PyPI Security Scanner is built to be a public threat intelligence feed. We do not use advertising trackers, marketing cookies, or tracking pixels. Visits to the site are logged only as basic, anonymized server-side request metrics (such as request time, path, and general region details) provided by the Cloudflare Pages routing logs. No personal data is stored, aggregated, or sold.
2. Public Package Auditing
The security scans presented on this dashboard are collected from public releases published to the PyPI Registry. Because PyPI releases are public open-source distributions, security diagnostics (heuristics reports, code snippets triggering alerts, and AI-synthesized verdicts) are shared publicly here to protect the wider developer ecosystem.
3. Third-party APIs
During background scans, the ingestion pipeline queries third-party APIs (such as OSV.dev and GitHub) to cross-reference security information. These checks do not transmit any visitor details. Analysis request parameters are limited to public package names and public manifest dependencies.
4. Updates to this Policy
We may update this Privacy Policy from time to time to align with system security updates. Changes will be posted directly to this route.