Privacy Policy

1. Introduction

Cecuro, Inc. ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cecuro.ai, use our smart contract auditing services, or interact with us.

2. Information We Collect

2.1 Account and Contact Information

• Name, email address, and organization information
• GitHub account information and installation permissions
• Account credentials and authentication data
• Organization logos and branding materials (when uploaded)
• Team member information and invitations

2.2 Smart Contract and Repository Data

• Smart contract source code for auditing
• Repository information, branch names, and commit data
• Selected files and audit scope configurations
• Audit findings, reports, and security assessments
• Fix submissions and remediation tracking
• Public repository URLs (when applicable)

2.3 Payment and Billing Information

• Payment provider transaction IDs and status
• Billing amounts, currency, and payment methods
• Discount codes and promotional information
• Payment history and invoice data

2.4 Usage and Analytics Data

• Website usage patterns and page interactions
• Conversion funnel progression and user behavior
• Feature usage and A/B testing participation
• Approximate (anonymized) IP, browser, and device details
• Referral sources and marketing attribution

2.5 Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies for authentication, analytics, and user experience enhancement. Our analytics provider (Google Analytics 4) may set cookies on your device to measure aggregated, anonymized site usage.

3. How We Use Your Information

• Perform smart contract security audits and generate reports
• Manage user accounts, authentication, and team collaboration
• Process payments and maintain billing records
• Track audit progress, fixes, and re-submissions
• Analyze usage patterns to improve our platform and services
• Conduct A/B testing and feature optimization
• Send service-related communications and notifications
• Provide customer support and respond to inquiries
• Prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms
• Generate aggregate analytics for business insights
• Process audit submissions through third-party AI/LLM providers to assist in security analysis (see Section 4.6)

4. Information Sharing and Disclosure

We do not sell your personal information. We may share information with the following third parties and in the following circumstances:

4.1 Essential Service Providers

• Supabase: Database hosting, authentication, and file storage
• Google Cloud Platform (GCP): Cloud storage for audit artifacts, reports, and related materials
• GitHub: Repository access and code integration (with your authorization)
• Resend: Transactional email delivery (account, audit, and billing notifications)
• Google Analytics 4: Aggregated, anonymized website analytics (pageviews, referral sources, device/browser data, and Core Web Vitals performance metrics). IP anonymization is enabled.
• Attio: Customer relationship management and lead processing

4.2 Payment Processors

• Stripe: Credit card and traditional payment processing
• Coinbase Commerce: Cryptocurrency payment processing
• Crypto.com Pay: Alternative cryptocurrency payments
• NOWPayments: Additional cryptocurrency payment options

Payment processors handle sensitive financial data according to their own privacy policies and industry standards (PCI DSS).

4.3 Legal Requirements

When required by law, court order, government request, or to protect our rights, safety, and property.

4.4 Business Transfers

In connection with mergers, acquisitions, or asset sales, with advance notice to affected users.

4.5 With Your Consent

For any other purposes with your explicit consent or as otherwise disclosed at the time of collection.

4.6 AI / Large Language Model (LLM) Providers

Portions of our audit analysis use third-party AI / large language model ("LLM") providers, including Anthropic, OpenAI, and Google. These and other models may be accessed directly or through cloud hosting platforms, including Microsoft Azure, that process the submitted data on the model provider's or our behalf. We may use additional AI/LLM providers and hosting platforms from time to time. Customer code, repository contents, and related materials submitted for audit may be transmitted to these providers via their commercial APIs to generate analysis used in your Audit Report.

Per these providers' commercial API terms, API submissions are not used to train their general-purpose models. API submissions may be retained by these providers for a short period (typically up to 30 days) solely for trust-and-safety and abuse-monitoring purposes, after which they are deleted. We do not control the retention or processing practices of third-party AI/LLM providers, and your data is also subject to their respective terms and privacy policies.

5. Analytics and Tracking

We use analytics services to understand how users interact with our platform:

5.1 Google Analytics 4

• Aggregate pageview, session, and conversion-funnel measurement
• Referral source, campaign, and marketing attribution
• Browser, device, and approximate (country-level) location information
• Core Web Vitals performance metrics (LCP, CLS, INP, FCP, TTFB)
• IP anonymization is enabled; we do not enable Google Signals or ads-personalization features

5.2 Your Choices

You can opt out of Google Analytics by installing Google's Analytics opt-out browser add-on, by using a browser that blocks analytics scripts, or by contacting us. Disabling analytics will not impact core audit functionality.

6. Data Security

We implement industry-standard technical and organizational security measures including encryption in transit and at rest, access controls, regular security assessments, and secure infrastructure partners. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide our services. Audit reports and related records may be retained for a longer period to meet professional, legal, and regulatory obligations. We retain payment and tax records as required by applicable law. Aggregated or anonymized data, which cannot reasonably be used to identify you, may be retained indefinitely.

You may request deletion of your personal information at any time. We will delete or anonymize such information subject to our legitimate retention obligations (for example, legal, accounting, fraud-prevention, or audit-recordkeeping requirements). We will respond to deletion and other rights requests in accordance with applicable law.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access and receive a copy of your personal information
• Correct inaccurate or incomplete information
• Delete your personal information (subject to certain exceptions)
• Restrict or object to processing of your information
• Data portability (where technically feasible)
• Withdraw consent for marketing communications

To exercise these rights, please contact us using the information provided below.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information during such transfers.

10. Children's Privacy

Our services are not directed to children. We do not knowingly collect personal information from individuals under 13 years of age (or under 16 in the European Economic Area and the United Kingdom). If you believe we have inadvertently collected such information, please contact us using the details below and we will promptly delete it.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website with a new effective date. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.