Security and Privacy
Source code, reports, uploads, and findings are treated as confidential client assets.
No training policy
Client source is not used to train public or shared models.
Least privilege
Business viewers cannot access source evidence, and sensitive actions are audited.
Retention controls
Projects can be deleted with local source artifacts removed by the API.