Privacy Policy

Last updated: May 1, 2026

1. Introduction

Orithos ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and website.

By using Orithos, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Information We Collect

2.1 Account Information. When you create an account, we collect your email address and authentication credentials. If you sign in via GitHub or Google, we collect the email address associated with that account.

2.2 Agent and Scan Data. When you register an agent, we store the agent name and endpoint URL you provide. Scan results include probe payloads (generated from our probe library) and your agent's responses. We do not store the full content of communications between your users and your agent outside of scan results.

2.3 Usage Data. We collect anonymous usage metrics (API request counts, scan volumes, feature usage patterns) to improve the service. This data cannot be traced back to specific individuals or organizations.

2.4 Cookies. We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. You can control cookie settings through your browser preferences.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve the Orithos platform
  • To process and complete security scans you initiate
  • To send administrative communications (e.g., billing, security notices)
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations

4. Data Retention

Scan results and findings are retained according to your configured retention policy. You can set retention to zero, which purges data immediately after scans complete. Account information is retained until you delete your account. Usage metrics are retained in anonymized form indefinitely for service improvement.

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share anonymized, aggregated data for analytics purposes. We may disclose information if required by law or to protect our legal rights.

Scan data is stored on our infrastructure and is not shared with third parties except as necessary to provide the service (e.g., cloud hosting providers). All such providers are bound by data processing agreements.

6. Security

We implement industry-standard security measures to protect your data, including encryption at rest and in transit, access controls, and regular security audits. API keys are hashed using bcrypt before storage. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@traceshield.dev. We will respond within 30 days.

8. Third-Party Services

Orithos uses the following third-party services, each with its own privacy policy:

  • Stripe: payment processing (billing data only)
  • GitHub/Google OAuth: authentication (email only)
  • PostgreSQL, Redis: data storage (self-hosted or cloud provider)
  • Sentry: error reporting (anonymized error traces)

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use of the service after changes constitutes acceptance of the new policy.

10. Contact

For questions about this Privacy Policy, contact us at privacy@traceshield.dev.