We protect customers the way we hope they protect their users.

All scans start in read-only mode. We never modify your code, deploy anything, or interact with your production runtime without explicit authorization.

Secret scanners (TruffleHog and the LaunchGuard core engine) only persist secret type, file path, and a salted fingerprint. The actual secret value never reaches our database.

AI prompts are scoped to a single scan. We do not train any base or fine-tuned model on customer source. DeepSec can run fully locally for the most sensitive repos.

Active validation only runs after you tick every consent box and provide an approved deployed URL. Shannon never tests third-party domains, brute forces, or DDoSes.

Our GitHub App requests the minimum scopes needed for each tier. Tokens are encrypted at rest and never exposed to the browser.

Fix Mode can create branches and pull requests but never auto-merges and never pushes to your default branch. You always see the diff before it leaves your repo.

Integration tokens (GitHub, providers, webhooks) are encrypted using AES-256-GCM with keys held outside the database. The frontend cannot select ciphertext columns.

Workspace owners can delete projects, scans, and reports at any time. Deleted artifacts are removed from primary storage immediately and from backups within 30 days.

All sensitive actions — Shannon authorization, PR creation, finding status changes, integration changes, report exports — are recorded in append-only audit logs.