Privacy Policy

Last updated: January 1, 2025  ·  Effective: January 1, 2025

Your privacy is fundamental to how we build AuditSmart. We collect the minimum data necessary and never sell it.

TL;DR — The Short Version

  • We never store your smart contract source code — only a SHA-256 hash.
  • We don't sell your data to anyone, ever.
  • Passwords are bcrypt-hashed. We can't read them.
  • You can delete your account and all data at any time.
  • We use Razorpay for payments — your card details never touch our servers.

1. Information We Collect

We collect information you provide directly to us, including:

Account Information: When you register, we collect your name, email address, and password (stored only as a bcrypt hash, never in plain text). You may also choose to authenticate via GitHub or Google OAuth, in which case we receive basic profile data (such as your name, email address, and avatar) from those providers.

Payment Information: If you purchase a paid plan, payment is processed by Razorpay. We do not store your full card details. We receive a payment token and transaction ID from Razorpay for our records.

Usage Data: We log which features you use, audit history (metadata only), and performance metrics to improve the platform.

Contract Data: Smart contract code you submit is analyzed in-memory and immediately discarded. We retain only a SHA-256 hash of the contract for report verification purposes. We never store your raw contract source code.

2. How We Use Your Information

We use the information we collect to:

- Provide, maintain, and improve AuditSmart services
- Process transactions and send transaction confirmations
- Send security advisories and product updates (you can opt out at any time)
- Respond to your comments and questions
- Monitor and analyze usage patterns to improve the platform
- Detect and prevent fraud and abuse
- Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

3. Data Storage & Security

Contract Code: Never stored. Only a SHA-256 hash is retained for report integrity verification.
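The following is an added illustration, not AuditSmart's own code, of what retaining only a SHA-256 hash buys you for report integrity verification (the point made in sections 1 and 3). The sample contract, the report schema (`contract_sha256`, `findings`) and the function names are assumptions made for this example. Because the digest is computed over the exact bytes submitted, any byte-level change to the source (a trailing newline, CRLF line endings, re-indentation) produces a different fingerprint, so a report can only be matched to the byte-identical contract it was issued for.

```python
import hashlib
import hmac

# Constructed sample contract for this example; not a real audited contract.
SAMPLE_SOURCE = (
    b"// SPDX-License-Identifier: MIT\n"
    b"pragma solidity ^0.8.20;\n"
    b"contract Vault {\n"
    b"    mapping(address => uint256) public balances;\n"
    b"    function deposit() external payable { balances[msg.sender] += msg.value; }\n"
    b"}\n"
)


def contract_fingerprint(source: bytes) -> str:
    """SHA-256 hex digest of the exact bytes submitted.

    The hash is computed over raw bytes, not over a normalized form, so the
    caller must keep the byte-identical source to verify a report later.
    """
    return hashlib.sha256(source).hexdigest()


def issue_report(source: bytes, findings: list[dict]) -> dict:
    """Build the record that would be kept after analysis.

    Hypothetical schema: only the fingerprint and the findings are retained;
    the source bytes are deliberately not part of the returned record.
    """
    return {
        "contract_sha256": contract_fingerprint(source),
        "findings": findings,
    }


def verify_report(report: dict, source: bytes) -> bool:
    """True iff `source` is byte-for-byte the contract `report` was issued for."""
    expected = report.get("contract_sha256", "")
    actual = contract_fingerprint(source)
    # The fingerprint is not a secret, but a constant-time comparison is cheap
    # and avoids timing differences on the string compare.
    return hmac.compare_digest(expected, actual)


def verification_demo() -> dict:
    """Run the issue/verify round trip and show the edge cases that fail."""
    report = issue_report(
        SAMPLE_SOURCE,
        [{"id": "unchecked-send", "severity": "low"}],  # constructed finding
    )
    crlf_source = SAMPLE_SOURCE.replace(b"\n", b"\r\n")
    return {
        "source_retained": "source" in report,
        "exact_bytes_verify": verify_report(report, SAMPLE_SOURCE),
        "trailing_newline_verify": verify_report(report, SAMPLE_SOURCE + b"\n"),
        "crlf_verify": verify_report(report, crlf_source),
    }


if __name__ == "__main__":
    for key, value in verification_demo().items():
        print(f"{key}: {value}")
```

Two practical consequences follow from this design. First, the user (not the service) has to keep the exact submitted bytes if they ever want to prove which contract a report covers; re-exporting the file from an editor that rewrites line endings will break verification. Second, the fingerprint is not confidential: anyone holding a report and a candidate source file can check whether they match, which is exactly what makes it useful for verification, and also means a report for a publicly published contract identifies that contract.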

Account Data: Stored in MongoDB databases that are encrypted at rest, hosted on cloud infrastructure holding SOC 2 Type II certification.

Passwords: Bcrypt-hashed with a cost factor of 12. Plain-text passwords are never stored or logged.

Data Retention: Account data is retained as long as your account is active. You may request deletion at any time by contacting privacy@auditsmart.org. We will process deletion requests within 30 days.

Encryption: All data in transit is protected by TLS 1.3. Sensitive fields at rest are encrypted using AES-256.

4. Cookies & Tracking

We use the following types of cookies:

Essential Cookies: Required for authentication sessions and core functionality. Cannot be disabled.

Analytics Cookies: We use Vercel Analytics to understand how visitors interact with our site. This data is anonymized and does not personally identify you.

Preference Cookies: Store your theme preference (dark/light mode) and other UI settings.

We do not use third-party advertising cookies or behavioral tracking. You can manage cookie preferences in your browser settings.

5. Third-Party Services

AuditSmart integrates with these third-party services, each with their own privacy policies:

- Razorpay — Payment processing (razorpay.com/privacy)
- Google — OAuth authentication (policies.google.com/privacy)
- GitHub — OAuth authentication (docs.github.com/site-policy/privacy-policies)
- Resend — Transactional email delivery
- Upstash — Rate limiting and caching (Redis)
- Vercel — Hosting and analytics

We share only the minimum information necessary for these services to function.

6. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable laws:

- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing of your data for marketing purposes
- Restriction: Request that we limit how we use your data

To exercise any of these rights, contact us at privacy@auditsmart.org. We will respond within 30 days.

7. Children's Privacy

AuditSmart is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@auditsmart.org and we will delete the information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on our platform at least 30 days before changes take effect. Your continued use of AuditSmart after the effective date constitutes acceptance of the updated policy.

The "Last Updated" date at the top of this page indicates when the policy was last revised.

9. Contact Us

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

Email: privacy@auditsmart.org
Response time: Within 30 days

For general inquiries, visit our [Contact page](/contact) or email hello@auditsmart.org.