Overview

DepShield is designed with privacy in mind. We collect minimal data and do not sell or share your information with third parties for marketing purposes.

Data We Collect

File Uploads

When you upload a package.json file for scanning, we process it in memory to identify dependencies. The file content is not stored permanently unless you explicitly choose to save a shareable report.

Shareable Reports

If you generate a shareable report, we store the scan results (dependency names, versions, and vulnerability data) for 7 days. Reports are automatically deleted after this period.

Email Addresses

If you subscribe to vulnerability notifications, we store your email address and a hash of your dependencies. We use this to notify you of new vulnerabilities affecting your stack.

Usage Analytics

We may collect anonymous usage statistics (page views, scan counts) to improve the Service. This data does not include personally identifiable information.

Data We Do Not Collect

Source code or file contents beyond dependency manifests
Personal information unless explicitly provided (email for notifications)
Tracking cookies for advertising purposes

Third-Party Services

We use the following third-party services:

OSV API - To query vulnerability data for npm packages
CISA KEV - To identify actively exploited vulnerabilities
Supabase - To store shareable reports and email subscriptions
Vercel - To host the application

Data Retention

Uploaded files: Processed in memory, not stored
Shareable reports: 7 days, then automatically deleted
Email subscriptions: Until you unsubscribe

Your Rights

You may request deletion of your data at any time by contacting privacy@depshield.dev. To unsubscribe from email notifications, use the unsubscribe link in any email or contact us directly.

Contact

For privacy-related inquiries, contact us at privacy@depshield.dev.