Learn how SyntaxValid handles source code, analysis data, and metadata with strict privacy and security controls.

## Data Handling & Privacy

Protecting your code and data is a core design principle of SyntaxValid.

This page explains how source code, analysis data, and metadata are handled, stored, and protected throughout the analysis lifecycle.

---

## What data SyntaxValid accesses

SyntaxValid requires limited access to perform analysis.

Depending on configuration, this may include:

- Source code files (read-only)

- Commit and pull request metadata

- Dependency manifests

- Configuration files relevant to analysis

SyntaxValid does not require access to unrelated systems or services.

---

## What data SyntaxValid does not access

SyntaxValid does not:

- Execute your code

- Access runtime secrets or environment variables

- Modify repository contents automatically

- Read unrelated repositories or organizations

Access is scoped and explicit.

---

## Code handling during analysis

When an analysis runs:

- A deterministic snapshot of the code is created

- The snapshot is analyzed in isolation

- Results are tied to that snapshot

Code is never modified during analysis.

---

## Data storage and retention

SyntaxValid stores:

- Analysis results

- Issue metadata

- TrustScore history

- Minimal audit information

Source code is not stored beyond what is required for analysis and verification.

Retention policies are designed to minimize data exposure.

---

## Privacy by design

SyntaxValid follows privacy-by-design principles:

- Least-privilege access

- Minimal data retention

- Clear separation between code and metadata

- Deterministic and explainable processing

No data is collected for advertising or unrelated analytics.

---

## AI usage and data protection

When AI-assisted features are used:

- Only the minimum required context is processed

- Code is not used to train external models by default

- AI suggestions are generated per request

- No silent data reuse occurs

AI is applied as a tool, not a data sink.

---

## Access control and permissions

Access to data is controlled by:

- Organization and project boundaries

- User roles and permissions

- GitHub and provider access scopes

Access can be revoked at any time.

---

## Compliance considerations

SyntaxValid is designed to support:

- Internal security reviews

- Compliance audits

- Vendor risk assessments

Documentation and traceability are provided to support these processes.

---

## Transparency and auditability

Every analysis result is:

- Traceable to a code snapshot

- Linked to a policy

- Associated with a timestamp and scope

This ensures accountability and explainability.

---

## What this means for teams

Teams can:

- Use SyntaxValid without exposing sensitive data

- Integrate analysis into secure workflows

- Maintain ownership and control over their code

Trust is built through transparency.

---

## Next steps

- AI usage and safety

- Deterministic analysis guarantees

- Security architecture overview