
GDPR Compliance

Alprina is fully compliant with the General Data Protection Regulation (GDPR) and provides tools for users to exercise their data rights.

Your Data Rights

Under GDPR, you have the following rights:

Right to Access

  • View all data we store about you
  • Export your data in machine-readable format
  • Available instantly from dashboard

Right to Rectification

  • Update your personal information
  • Correct inaccurate data
  • Self-service via dashboard

Right to Erasure (“Right to be Forgotten”)

  • Delete your account and all associated data
  • Instant deletion (not 30-day wait)
  • Irreversible action

Right to Data Portability

  • Export your data in JSON format
  • Take your data to another service
  • Includes scans, findings, and settings

Right to Object

  • Opt-out of marketing communications
  • Withdraw consent for data processing
  • Manage preferences in dashboard

Data We Collect

Account Information

  • Email address
  • Name (if provided)
  • GitHub profile (if using OAuth)
  • Account creation date

Usage Data

  • Scan history and results
  • API usage statistics
  • Login timestamps
  • Billing information

Technical Data

  • IP address (for security)
  • User agent
  • Session information
  • API request logs (30 days)

What We DON’T Collect

  • ❌ Your source code
  • ❌ Sensitive scan targets
  • ❌ Payment card details (handled by Stripe via Polar)
  • ❌ Unnecessary personal data

Data Export

From Dashboard

  1. Navigate to Settings

    • Click profile → Settings
    • Go to “Privacy & Data”
  2. Request Data Export

    • Click “Export My Data”
    • Confirm request
  3. Download Data

    • Export generates instantly
    • Download as JSON file
    • Includes all your data

What’s Included:

    {
      "user": {
        "id": "usr_abc123",
        "email": "user@example.com",
        "name": "John Doe",
        "created_at": "2025-01-01T00:00:00Z",
        "tier": "developer"
      },
      "scans": [
        {
          "scan_id": "scan_abc123",
          "scan_type": "code",
          "created_at": "2025-01-05T10:30:00Z",
          "findings": [...]
        }
      ],
      "api_keys": [
        {
          "key_id": "key_abc123",
          "name": "Production Server",
          "created_at": "2025-01-01T00:00:00Z",
          "last_used": "2025-01-05T09:00:00Z"
        }
      ],
      "subscription": {
        "tier": "developer",
        "status": "active",
        "credits_used": 67,
        "credits_limit": 100
      }
    }

Via API

    # Request data export
    curl -X GET https://api.alprina.com/v1/user/export \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -o my-data.json

    # Response: Complete JSON export

Via CLI

    # Export your data
    alprina user export --output my-data.json

    # Output:
    # ✓ Data exported successfully
    # Saved to: my-data.json
    # Size: 245 KB

Account Deletion

Important Notes

⚠️ Account deletion is immediate and irreversible

When you delete your account:

  • ✅ All personal data removed instantly
  • ✅ All scans and findings deleted
  • ✅ All API keys revoked
  • ✅ Subscription cancelled
  • ✅ No 30-day recovery period
  • ❌ Cannot be undone

Before Deleting

  1. Export Your Data

    alprina user export --output backup.json
  2. Download Important Scans

    alprina scan get scan_abc123 --output scan-backup.json
  3. Cancel Recurring Billing

    • Automatic on deletion
    • Pro-rated refund if within 60-day guarantee
  4. Update External Integrations

    • Remove API keys from CI/CD
    • Update webhook endpoints
    • Remove GitHub integration

From Dashboard

  1. Navigate to Settings

    • Click profile → Settings
    • Go to “Privacy & Data”
  2. Delete Account

    • Scroll to “Danger Zone”
    • Click “Delete Account”
  3. Confirm Deletion

    • Type your email to confirm
    • Click “Permanently Delete Account”
  4. Instant Deletion

    • Account deleted immediately
    • Logged out automatically
    • Confirmation email sent

Via API

    # Delete account via API
    # The body is JSON, so declare it; curl -d otherwise sends it as form data
    curl -X DELETE https://api.alprina.com/v1/user \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{"confirm": "DELETE"}'

    # Response:
    # {
    #   "success": true,
    #   "message": "Account deleted successfully",
    #   "deleted_at": "2025-01-05T10:30:00Z"
    # }

Via CLI

    # Delete account via CLI
    alprina user delete

    # Prompts:
    # ⚠️ WARNING: This action is irreversible!
    # All data will be permanently deleted.
    #
    # Type your email to confirm: user@example.com
    # Are you absolutely sure? (yes/NO): yes
    #
    # ✓ Account deleted successfully
    # All data has been permanently removed

Data Retention

Active Accounts

  • Account data: Retained while account active
  • Scan results: Retained while account active
  • API logs: 30 days rolling window
  • Billing data: As required by law (typically 7 years)

Deleted Accounts

  • Personal data: Deleted immediately
  • Anonymized analytics: May be retained
  • Legal/billing records: Retained per requirements
  • Backup systems: Purged within 30 days

Cancelled Subscriptions

  • Account remains active (free tier)
  • Data retained unless account deleted
  • Can reactivate subscription anytime

Data Processing

Where We Process Data

Primary Infrastructure:

  • Supabase (PostgreSQL): EU/US regions
  • Vercel (Frontend): Global CDN
  • Render (Backend API): US East region
  • Polar (Billing): EU region

Data Transfers:

  • EU → US: Standard Contractual Clauses
  • Encrypted in transit (TLS 1.3)
  • Encrypted at rest (AES-256)

Third-Party Processors

We share data with:

  1. Supabase (Database)

    • Purpose: Data storage and authentication
    • Location: EU/US
    • GDPR Compliant: Yes
  2. Stripe via Polar (Payments)

    • Purpose: Payment processing
    • Location: Global
    • GDPR Compliant: Yes
  3. Anthropic/OpenAI (AI Processing)

    • Purpose: Security scanning
    • Data Sent: Minimal code context only
    • Not PII: Code snippets anonymized
    • GDPR Compliant: Yes
  4. Vercel (Hosting)

    • Purpose: Web hosting
    • Location: Global CDN
    • GDPR Compliant: Yes

Data Minimization

We only collect what’s necessary:

  • ✅ Email for account and communications
  • ✅ Scan data for service functionality
  • ✅ Usage data for billing
  • ❌ No tracking pixels
  • ❌ No unnecessary cookies
  • ❌ No third-party analytics (privacy-focused only)

Your Privacy Controls

Marketing Preferences

    # Opt out of marketing emails
    # Dashboard → Settings → Privacy → Unsubscribe from marketing

    # You'll still receive:
    # - Transactional emails (receipts, security)
    # - Service updates (outages, changes)
    # - Legal notices (terms updates)

We use minimal cookies:

  • Essential: Authentication, session management
  • Functional: User preferences, settings
  • Analytics: Privacy-friendly (no tracking)

Manage in: Dashboard → Settings → Privacy → Cookie Preferences

Data Sharing

We never:

  • ❌ Sell your data
  • ❌ Share with advertisers
  • ❌ Use for training AI on your code
  • ❌ Share with third parties (except processors)

Compliance Certifications

Current Certifications

  • ✅ GDPR Compliant (EU)
  • ✅ SOC 2 Type II (in progress)
  • ✅ ISO 27001 (planned 2025)

Security Measures

  • Encryption at rest and in transit
  • Regular security audits
  • Penetration testing
  • Incident response plan
  • Data breach notification (within 72 hours)

Data Breach Notification

In the unlikely event of a data breach:

  1. Detection: Automated monitoring + security team
  2. Assessment: Within 24 hours
  3. Notification: Within 72 hours (GDPR requirement)
  4. Remediation: Immediate action to secure data
  5. Post-Mortem: Public transparency report

How you’ll be notified:

  • Email to registered address
  • Dashboard banner
  • Status page update
  • Blog post (if widespread)

Contact Data Protection Officer

For privacy questions or concerns:

Email: privacy@alprina.com
Response Time: Within 48 hours
Requests: Data access, corrections, deletions

Mailing Address:
Alprina Data Protection Officer
[Address]
[City, Country]

GDPR Request Process

Data Access Request

  1. Email privacy@alprina.com
  2. Verify identity
  3. Receive data within 30 days (usually instant via dashboard)

Data Correction Request

  1. Update directly in dashboard (instant), OR
  2. Email privacy@alprina.com for assistance
  3. Changes processed within 7 days

Data Deletion Request

  1. Delete account in dashboard (instant), OR
  2. Email privacy@alprina.com
  3. Deletion within 30 days (usually instant)

Object to Processing

  1. Email privacy@alprina.com
  2. Specify what processing you object to
  3. We’ll stop or explain legal basis

Children’s Privacy

Alprina is not intended for users under 16.

  • We don’t knowingly collect data from children
  • If you’re under 16, don’t create an account
  • Parents: Contact us to delete child’s data

Changes to Privacy Policy

When we update our privacy policy:

  • Email notification to all users
  • 30-day notice before taking effect
  • Option to export data and delete account
  • Continued use = acceptance

FAQ

Q: How long does data export take?
A: Instant. Download starts immediately.

Q: Can I recover my account after deletion?
A: No, deletion is permanent and immediate.

Q: Do you keep backups of deleted data?
A: Backup systems are purged within 30 days. No access to deleted data.

Q: Is my source code stored?
A: No, we only process it temporarily for scanning. Not stored.

Q: Who can access my data?
A: Only authorized Alprina staff for support/maintenance. Encrypted.

Q: Can I delete specific scans?
A: Yes, via dashboard or CLI: alprina scan delete scan_abc123

Q: What happens to my data if Alprina shuts down?
A: 90-day notice, data export tools available, self-service deletion.

Q: Do you use my code to train AI?
A: No, never. Your code is never used for training.
