🔒 TL;DR - Privacy Summary
- ✅ We analyze your code to find vulnerabilities — that's our job
- ✅ We don't sell your data or code to anyone
- ✅ Your code is processed and deleted — we don't keep copies
- ✅ Shield collects only request metadata (paths, IPs) — never request/response bodies
- ✅ Shield event data is auto-deleted after 7 days
- ✅ We use industry-standard security practices
- ✅ You can request deletion of your account and data anytime
1. Introduction
Moon One LLC ("Company," "we," "us," or "our") operates the Vericode platform, which includes AI-powered smart contract security analysis (vericodeai.com), application security scanning (app.vericodeai.com), and Shield runtime monitoring. This Privacy Policy explains how we collect, use, and protect your information when you use any of our services.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (if using email authentication)
- Wallet address (if using Web3 authentication)
- OAuth profile information (if using Google/Twitter login)
2.2 Code Submitted for Analysis
When you submit code for scanning:
- Smart contracts: Solidity source code, contract addresses, chain identifiers
- Applications: Web application source code (Python, JavaScript, TypeScript, Go, etc.), repository URLs
- Context documents: README files, specifications, or other documentation you choose to provide
2.3 Shield Monitoring Data
When you deploy the Vericode Shield SDK on your application, the following data is collected from your application's traffic:
- HTTP request metadata: paths, methods, status codes, response times
- Client IP addresses and user agent strings
- Error messages and uncaught exception information
- Detected attack patterns (SQL injection attempts, XSS patterns, path traversal)
🛡️ Shield does NOT collect: request/response bodies, authentication tokens, cookies, passwords, form data, query parameter values, or any other payload content.
2.4 Usage Data
- Analysis history and reports generated
- Feature usage patterns across our platforms
- Technical logs (IP addresses, browser type, timestamps)
- API usage metrics (for CI/CD and API key usage)
3. How We Use Your Information
- Provide the Service: Analyze your code and generate security reports; monitor your apps and generate alerts
- Improve our AI: Anonymized vulnerability patterns help us improve detection accuracy across all platforms
- Continuous Monitoring: Alert you about new vulnerabilities affecting your contracts or active attacks on your applications
- Shield Analysis: Process event data to detect attack patterns and anomalies in real time
- Communication: Send important updates about your account, audits, and security alerts
- Legal Compliance: Meet regulatory requirements and respond to legal requests
4. Code Handling & Data Retention
How We Handle Your Code
- Processing: Your code is analyzed in isolated environments and processed through our security tools and AI systems. Smart contract code is analyzed with Slither, Mythril, Aderyn, Halmos, and Echidna. Application code is analyzed with Semgrep, Bandit, Gitleaks, and dependency auditing tools.
- Temporary Storage: Code is stored only during the analysis process and automatically purged within 24 hours of report generation.
- No Sharing: We never share, sell, or provide your code to third parties.
- Reports: Generated reports are stored in your account and can be deleted at your request.
Shield Event Data Retention
- Events: HTTP request metadata is retained for 7 days and then automatically purged.
- Alerts: Security alerts (generated from event analysis) are retained for the lifetime of your Shield app or until you delete them.
- Statistics: Aggregated, anonymized statistics (request counts, error rates) may be retained longer for trend analysis.
- Deletion: You can delete a Shield app and all its associated events and alerts at any time via the dashboard.
5. Information We Do NOT Collect
- ❌ Private keys or seed phrases
- ❌ Wallet balances or transaction history
- ❌ Passwords (we use passwordless authentication)
- ❌ Financial information beyond payment processing
- ❌ Request/response bodies from Shield-monitored applications
- ❌ Authentication tokens, cookies, or session data from your users
- ❌ Personal data of your application's end users (beyond IP addresses for attack detection)
6. Third-Party Services
We use the following third-party services:
- Privy: Authentication and wallet connections
- Stripe: Payment processing (for fiat/card transactions)
- Cloudflare: CDN, DNS, and DDoS protection
- Blockscout/Sourcify/Etherscan: Fetching verified smart contract source code
- GitHub: Fetching application source code from repositories you provide
- AI Model Providers: We use multiple AI models (e.g., DeepSeek, Google Gemini, Anthropic Claude) for code analysis. Code is sent to these providers for analysis and is subject to their respective data processing policies. We select providers that offer data processing agreements and do not train on customer data.
Each third-party service has its own privacy policy. We recommend reviewing their policies.
7. Data Security
We implement industry-standard security measures:
- HTTPS/TLS encryption for all data in transit
- Isolated analysis environments for code processing
- Rate limiting and DDoS protection on all endpoints
- Content Security Policy (CSP) headers on all web properties
- Access controls and audit logs for internal systems
- Automatic purging of processed code and Shield event data
- API key authentication with per-key rate limiting for CI/CD access
- Shield event ingestion authenticated via unique per-app API keys
8. Your Responsibilities as a Shield User
When you deploy the Shield SDK on your application, you become a data controller for the request metadata collected from your application's users. You are responsible for:
- Updating your application's privacy policy to disclose the use of Vericode Shield for security monitoring
- Disclosing that HTTP request metadata (including IP addresses) is collected and transmitted to Vericode for security analysis
- Ensuring compliance with applicable data protection laws (GDPR, CCPA, etc.) regarding the collection of IP addresses and user agent strings
- Responding to data subject requests from your users regarding data collected through Shield
9. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and all associated data (audit reports, Shield apps, events, and alerts)
- Export: Download your audit reports and history
- Opt-out: Unsubscribe from marketing communications
- Revoke: Revoke API keys and Shield app keys at any time
To exercise these rights, contact us at [email protected]
10. International Users
Our Service is operated from infrastructure located in Europe (OVH, France) and the United States. If you are accessing our Service from other regions with data protection laws, please be aware that your information may be transferred to and processed in these jurisdictions. By using our Service, you consent to this transfer. For EU/EEA users, we process data on the basis of contractual necessity and legitimate interest in providing security services.
11. Children's Privacy
Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our Service. The "Last updated" date at the top indicates when the policy was last revised.
13. Contact Us
For privacy-related questions or concerns, contact us at:
Moon One LLC
Email: [email protected]
Moon One LLC • Wyoming, United States