Privacy Policy
Plain English. No surprises.
The Four Laws
We never see your secrets.
API keys and credentials are redacted locally before any data leaves your machine.
We never train AI on your code.
Your code is not used to train any models. Period.
We never store your code.
Analysis is ephemeral. Memory is wiped after every request.
We never sell your data.
We make money from subscriptions, not from selling your information.
What We Collect
| Data Type | Collected? | Purpose | Retention |
|---|---|---|---|
| Scan Metadata: File count, scan duration, pattern matches | Yes | Product analytics | 90 days |
| Anonymized Patterns: Aggregated vulnerability types | Yes | Improve detection | Aggregated only |
| Account Data: Email, organization name | Yes | Authentication | Until deletion |
| Source Code: Your actual code files | No | — | — |
| API Keys & Secrets: Passwords, tokens, credentials | No | — | — |
Full Policy
Information We Collect
We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This includes your email address, organization name, and usage metadata from the Inkog CLI and API.
In plain English:
We need your email to create an account. We track basic usage stats like "how many files were scanned" to improve the product. That's it.
Information We Don't Collect
Inkog is architected to minimize data collection. Source code content, secrets, API keys, passwords, and other sensitive credentials are redacted locally on your machine before any data transmission occurs. We do not have access to this information.
In plain English:
Your code never leaves your machine in readable form. Secrets are masked locally. We literally cannot see them even if we wanted to.
How We Use Information
We use the information we collect to provide, maintain, and improve our services; to process transactions; to send technical notices and support messages; and to respond to your requests.
In plain English:
We use your email to log you in and send you important updates. We use anonymous analytics to make the product better. No creepy stuff.
Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share anonymized, aggregated data that cannot be used to identify you for research and product improvement purposes.
In plain English:
We don't sell your data. We might publish stats like "X% of scans find issues" but nothing that identifies you or your code.
Data Retention
We retain your account information for as long as your account is active. Usage metadata is retained for 90 days. You may request deletion of your data at any time by contacting legal@inkog.io.
In plain English:
Your account exists until you delete it. Usage stats are kept for 90 days. Email us to delete everything.
Security
We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS 1.3) and ephemeral processing with no persistent storage of code content.
In plain English:
Everything is encrypted. Your code is processed and immediately forgotten. See our Security page for the full architecture.
Sub-processors
We use third-party services to provide Inkog Cloud. Our current sub-processors include:
• Cloud Infrastructure Provider (EU region)
• Payment Processor (for paid tiers)
• Product Analytics (privacy-focused)
All sub-processors are contractually bound to handle data in accordance with GDPR and our Privacy Policy. For the current list of specific sub-processors, contact legal@inkog.io.
In plain English:
We use standard cloud infrastructure, payments, and analytics tools. All EU-compliant. Email us if you need the specific vendor list.
Last updated: December 2025