Platform Security | Privacy, Encryption & Compliance | GeekWala

Platform Security

How GeekWala protects your data and respects your privacy

Privacy & Data Security

How we protect your dependency data and scan results.

Data Collection Principles

  • We collect only what's necessary to provide vulnerability scanning
  • We never store your application source code
  • We never transmit dependency manifests to third parties (except OSV API for scanning)

Anonymous Scans

• Session-based storage only (no database persistence)

• Data cleared when your browser session ends

• Limited log data (such as IP address and user agent) may be collected for security and abuse prevention

• Scan data is never shared or sold

Authenticated Scans

• Package metadata stored: ecosystem, name, version

• Scan results: vulnerability IDs, severity, status

• No source code, env vars, or secrets stored

• Data encrypted at rest using industry-standard controls

• Data transmitted over HTTPS

Data Retention

How long we keep your scan history.

Free Users

30 days scan history

Pro Users

1 year scan history

Deleted projects and scans are removed within a reasonable period and may persist in backups for a limited time.

Third-Party Data Sharing

GeekWala shares data only with the following third-party services necessary for core functionality:

OSV API

Package name and version only (required for scanning). No source code or secrets transmitted.

Stripe

Billing information for Pro subscriptions. Stripe is PCI-DSS Level 1 certified.

Email Service

Notification emails (opt-in only). You can disable email alerts at any time in project settings.

Your Rights (GDPR/CCPA Compliance)

You have full control over your data with these rights:

Right to Access

Export scan data via API or dashboard. View all data we have about you.

Right to Deletion

Delete your account and all associated data from your account settings.

Right to Portability

Export scans as JSON for migration to other tools or services.

Right to Object

Opt out of email notifications anytime in project settings.

To exercise any of these rights, visit your account settings or contact us at privacy@geekwala.com. We respond to all requests within 30 days.

Security Measures

Technical safeguards we implement to protect your data.

Authentication & Authorization

  • Passwords are hashed with bcrypt (cost factor: 12)
  • API tokens use Laravel Sanctum with SHA-256 hashing
  • Session cookies: Secure, HttpOnly, SameSite flags enabled

Application Security

  • CSRF protection on all web forms
  • Rate limiting on all API endpoints (IP-based and user-based)
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Input validation on all user-submitted data

Infrastructure Security

  • All data transmitted over HTTPS (TLS 1.3)
  • Database encrypted at rest, with connections encrypted in transit
  • Regular security reviews and automated vulnerability scanning
  • Automated backups with encryption

Security Disclosure

Found a security issue? Please report it responsibly to security@geekwala.com. We respond to all reports within 48 hours and provide updates throughout the remediation process.