Privacy Policy

Last updated: February 19, 2026

What We Collect

When you use ShipCheck, we collect:

  • Account information: Email, name, authentication data
  • Scan data: URLs you scan, scan results, site ownership verification tokens
  • Redacted evidence: Only the specific security patterns we detect (e.g., "sk_live_...R8F9"), never full response bodies
  • Consent records: Timestamp, IP address, and consent text for every scan
  • Usage data: Scan frequency, plan usage, feature usage

What We DON'T Store

  • Raw response bodies from your applications
  • Full API keys or secrets (only redacted patterns for evidence)
  • Session tokens or authentication cookies from your apps
  • Complete stack traces or error pages

Data Retention

Scan evidence and results are retained for 30 days by default. Account data is retained until account deletion. You can request data export or deletion at any time.

Contact Us

Questions about privacy? Email us at privacy@shipcheckhq.com