This document outlines the privacy and data handling practices for the SmartContractAudit project. We are committed to protecting privacy and handling data responsibly.
This project may collect:
- Public Repository Data: Information visible in public GitHub repositories
- Issue and PR Data: Publicly submitted issues and pull requests
- Usage Statistics: Anonymous analytics about tool usage (when applicable)
- Error Reports: Diagnostic information from failures (sanitized)
We never collect or store:
- Private keys or seed phrases
- API keys or authentication tokens
- Passwords or credentials
- Personal financial information
- Personally identifiable information (PII) without consent
We never store, log, or transmit plaintext private keys or sensitive cryptographic material.
This policy applies to:
- Source code and configuration files
- Log files and error messages
- Audit reports and artifacts
- Temporary files and caches
- Database storage
- Network transmissions
- Memory dumps or debugging output
All automation and tooling must:
- Detect potential secrets before storage or transmission
- Redact sensitive data in logs and outputs
- Sanitize all public artifacts
- Reject PRs or commits containing secrets
- Alert on potential exposure incidents
Example redaction patterns:
Private Key: [REDACTED]
API Key: ***************
Mnemonic: [REDACTED - 12 words]
Secret: ********
If a secret is accidentally exposed:
- Immediate Action: Rotate/revoke the compromised credential
- Notification: Alert security team at [email protected]
- Remediation: Remove from git history using git-filter-repo or BFG
- Documentation: Document incident and prevention measures
- Prevention: Update detection rules to prevent recurrence
Data retention periods:
- Default Retention: 90 days for workflow artifacts
- Log Files: 30 days for standard logs
- Security Logs: 180 days for security-related logs
- Release Artifacts: Indefinite for stable releases
To request deletion of your data:
- Email [email protected]
- Specify the data to be deleted
- Provide verification of ownership
- We will respond within 14 days
Note: Some data (e.g., public git commits) cannot be deleted due to the distributed nature of git.
This project may use:
- GitHub: Repository hosting and CI/CD
- npm/PyPI: Package distribution
- CDNs: Content delivery for documentation
Each service has its own privacy policy. We recommend reviewing them.
By contributing to this project:
- Your commits become part of public git history
- Your GitHub username is visible
- Contribution statistics may be public
- Communications in issues/PRs are public
As a contributor, you can:
- Use a pseudonymous GitHub account
- Use GitHub's private email feature
- Request removal of specific PII from documentation
- Opt out of contributor recognition lists
We are committed to transparency:
- Security incidents are disclosed (after remediation)
- Data breaches are reported promptly
- Changes to this policy are announced
For privacy concerns or questions:
Email: [email protected]
Response time: 5-7 business days
For security issues, use: [email protected]
Our tools implement:
- Pre-commit hooks for secret detection (recommended)
- CI/CD scanning for exposed secrets
- Periodic audits of repository history
- Automated redaction in logs and artifacts
Pattern detection includes:
- Private keys (RSA, EC, etc.)
- API keys and tokens
- Database credentials
- OAuth tokens
- JWT tokens
- Encryption keys
- Custom patterns (configurable)
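The automation requirements above (detect secrets before storage or transmission, redact them in logs and artifacts, reject commits that contain them) and the pattern list just given can be put together in a single small scanner. The following is an added example, not SmartContractAudit's own tooling: the detector names, the regular expressions, the assumption that a 64-hex-character value is a 32-byte EVM-style private key, the 12/24-word shape check for mnemonics, and every value in the sample log are constructed for this illustration.

```python
# Added example (not SmartContractAudit's own code): a small secret detector and
# redactor that applies the policy's redaction formats to logs and artifacts.
# Detector names, regexes and the sample input below are assumptions/constructed.
import re
from typing import Callable, List, Tuple

# Multi-line PEM-encoded private key block (RSA, EC, generic PKCS#8).
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
    re.DOTALL,
)
# Assumed: 32-byte hex private key as used by EVM wallets, optionally 0x-prefixed.
# Known false positive: any 64-hex-char value (e.g. a SHA-256 digest) also matches.
HEX_PRIVATE_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
# Assumed naming convention for credential assignments in configs and logs.
CREDENTIAL_ASSIGNMENT = re.compile(
    r"""(?i)(api[_-]?key|secret|token|password)(\s*[:=]\s*)(['"]?)([^\s'"]{8,})\3"""
)
# 12- or 24-word lowercase phrase on one line; shape only, not checked against
# the BIP-39 wordlist, so ordinary prose can trigger it.
MNEMONIC = re.compile(r"\b(?:[a-z]{3,8} ){11}[a-z]{3,8}(?:(?: [a-z]{3,8}){12})?\b")
# JWT: three base64url segments, header segment starts with eyJ (base64 of '{"').
JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b")


def _assignment_repl(m: re.Match) -> str:
    # API keys get the masked form from the policy, everything else the generic form.
    return "API Key: ***************" if "key" in m.group(1).lower() else "Secret: ********"


def _mnemonic_repl(m: re.Match) -> str:
    return f"Mnemonic: [REDACTED - {len(m.group(0).split())} words]"


# Order matters for redact(): text produced by an earlier detector must not be
# re-matched by a later one (the literal "Secret: ********" would match
# CREDENTIAL_ASSIGNMENT, so that detector runs before JWT).
DETECTORS: List[Tuple[str, re.Pattern, Callable[[re.Match], str]]] = [
    ("pem_private_key", PEM_PRIVATE_KEY, lambda m: "Private Key: [REDACTED]"),
    ("hex_private_key", HEX_PRIVATE_KEY, lambda m: "Private Key: [REDACTED]"),
    ("credential_assignment", CREDENTIAL_ASSIGNMENT, _assignment_repl),
    ("mnemonic", MNEMONIC, _mnemonic_repl),
    ("jwt", JWT, lambda m: "Secret: ********"),
]


def redact(text: str) -> Tuple[str, List[Tuple[str, int]]]:
    """Return the redacted text plus (detector, hit count) for each detector that fired."""
    findings = []
    for label, pattern, repl in DETECTORS:
        text, count = pattern.subn(repl, text)
        if count:
            findings.append((label, count))
    return text, findings


def scan(text: str) -> List[Tuple[int, str]]:
    """Report (line number, detector) for every hit without altering the text.
    This is the pre-commit / CI gate: a non-empty result means reject the commit."""
    hits = []
    for label, pattern, _ in DETECTORS:
        for m in pattern.finditer(text):
            hits.append((text.count("\n", 0, m.start()) + 1, label))
    return sorted(hits)


def contains_secret(text: str) -> bool:
    return bool(scan(text))


# Constructed sample log: every value below is fake and chosen only to trigger a detector.
SAMPLE_LOG = "\n".join([
    "[INFO] deploying auditor v1.2 to staging",
    "[DEBUG] signer loaded PRIVATE_KEY=0x" + "7f" * 32,
    '[DEBUG] api_key = "sk_live_EXAMPLEabcdef0123456789"',
    "[WARN] recovery phrase: apple brave candle dizzy eagle fable gentle hollow island jungle kettle lemon",
    "[DEBUG] auth header: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhdWRpdG9yIn0.c2lnbmF0dXJlX3BsYWNlaG9sZGVy",
    "-----BEGIN EC PRIVATE KEY-----",
    "MHQCAQEEIExampleNotARealKeyBody0000000000",
    "-----END EC PRIVATE KEY-----",
    "[INFO] audit finished with 3 findings",
])

if __name__ == "__main__":
    for lineno, label in scan(SAMPLE_LOG):
        print(f"line {lineno}: {label}")
    print(redact(SAMPLE_LOG)[0])
```

`scan` is the function a pre-commit hook or CI job would call on staged content and fail the commit on any hit; `redact` is the function a logging handler or artifact uploader would route output through. The shape-only checks are deliberately loose, which is the usual trade-off for this kind of tooling: a 64-hex digest is reported as a private key and a line of twelve short lowercase words as a mnemonic, so the "custom patterns (configurable)" item in the list above is where a project tunes these (wordlist lookup for mnemonics, allow-lists for known hashes) rather than weakening the detectors.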
This project aims to be compliant with:
- GDPR (for European contributors)
- CCPA (for California contributors)
- General data protection best practices
While this is an open-source project and not a commercial service, we strive to respect privacy rights globally.
We follow the principle of data minimization:
- Collect only what is necessary
- Retain data only as long as needed
- Delete data when no longer required
- Anonymize data when possible
You have the right to:
- Access: Request copies of your data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion (where technically feasible)
- Portability: Receive data in a portable format
- Objection: Object to processing of your data
To exercise these rights, contact [email protected].
This project is not directed at children under 13. We do not knowingly collect information from children.
We may update this policy:
- Major changes are announced via GitHub
- Continued use constitutes acceptance
- Previous versions available in git history
Related documents:
- SECURITY.md - Security and vulnerability disclosure
- DATA_RETENTION.md - Data retention specifics
- GOVERNANCE.md - Project governance
Last Updated: 2026-01-01
Contact: [email protected]
For privacy questions, concerns, or requests:
- Email: [email protected] (placeholder contact)
- Response time: Within 7 business days
For security matters, see SECURITY.md.
We strive to comply with:
- GDPR (European Union)
- CCPA (California)
- Other applicable privacy regulations
We believe in transparency. This policy is open source and we welcome feedback through GitHub issues.