Privacy Policy
1. Who we are
S-Core Compliance is operated by S-Core Analytics Inc., a C-Corporation based in New Jersey, USA ("S-Core", "we", "us"). This policy describes how we collect, use, and protect information when you use s-core-compliance (the "Service").
2. Information we collect
- Account information: email address, company name, and authentication data managed through Google Firebase Authentication.
- Workspace data: compliance settings, policy documents, attestation records, employee records you add, and integration scan results.
- Integration credentials: access tokens you provide (e.g., a GitHub personal access token) are stored server-side and used only to run the compliance checks you request. They are never exposed to other users or returned to the browser.
- Usage and log data: standard server logs (IP address, user agent, request paths) retained through Google Cloud Logging.
3. How we use information
- To provide the Service: run compliance checks, generate policy documents, track attestations, and compute readiness scores.
- To operate scheduled monitoring you enable (e.g., hourly GitHub configuration checks).
- To process subscription payments through Stripe. We never store full card details; Stripe is our payment processor.
- To communicate service updates, security notices, and support responses.
4. What we do not do
- We do not sell your personal information.
- We do not use your workspace data to train machine-learning models.
- We do not access your connected systems beyond the read-only checks the Service performs.
5. Where your data lives
Data is stored in Google Cloud (Firestore and Cloud Run) in the United States. Transport is encrypted with TLS; data at rest is encrypted by Google Cloud's default encryption.
6. Data retention and deletion
Workspace data is retained while your account is active. You may request deletion of your account and all associated data at any time by emailing hello@s-coreanalytics.com; we complete deletion within 30 days.
7. Your rights
Depending on your jurisdiction (including GDPR and CCPA where applicable), you may have rights to access, correct, export, or delete your personal information. Contact us to exercise them.
8. Third-party services
The Service relies on Google Cloud Platform and Firebase (hosting, database, authentication), Stripe (payments), and GitHub (when you connect it). Each processes data under its own privacy terms.
9. Cookies
We use only essential and preference cookies. See our Cookie Policy for details.
10. Changes
We will post updates to this policy here and update the effective date. Material changes will be announced by email to account holders.
11. Contact
S-Core Analytics Inc. · New Jersey, USA · hello@s-coreanalytics.com