← Back to home

Privacy Policy

Last updated: May 2025

What we collect

Your email address and display name, provided by Google or GitHub when you sign in. The website URLs and repository links you add to your projects. Security scan results generated for your verified projects.

How we use it

To authenticate you, maintain your session, and run OWASP Top 10 security scans on your verified projects. We do not sell, share, or use your data for advertising or third-party analytics.

Source code

Access to source code is exclusively for analysis purposes, processed entirely in memory and discarded immediately after the scan completes. It is never written to disk, logged, or stored in any form.

Cookies

We use a single session cookie (HttpOnly, Secure, SameSite=Strict) for authentication. We do not use tracking cookies or advertising cookies of any kind.

Third parties

Google and GitHub OAuth are used for authentication only. We receive your email address and display name. No other third-party services receive your personal data.

Data deletion

You can delete your projects and all associated scan results from the dashboard at any time. To delete your account entirely, open an issue on our GitHub repository.

Open source

OWMeter is open source. You can inspect how your data is handled in the public repository and verify these claims directly in the code.