Skip to content
ferret.
Legal

Privacy Policy

Ferret reads your code to find bugs in it. Here is exactly how we handle it.

Last updated June 30, 2026

The short version

Ferret needs to read your code to hunt bugs in it. We read it in an isolated sandbox, we do not train models on it, and we delete it when the hunt is done. Enterprise customers can run the whole thing inside their own network so nothing leaves at all.

This policy explains what we collect, why, and the controls you have. If anything here is unclear, email privacy@ferretlabsai.com and a human will answer.

Your source code

To analyze a repository, Ferret clones it into a per-repo sandbox that is isolated from other customers and destroyed after the hunt completes. Source is held only for the duration of analysis.

We do not use your source code, tests, or fixes to train machine learning models, and we do not share it with third parties for their own purposes. On the Enterprise plan, analysis runs entirely within your infrastructure and your code never crosses your network boundary.

What we collect

Account data: your name, work email, organization, and authentication identifiers from Google or your SSO provider.

Usage data: which repositories you connect, when hunts run, how many defects are caught, and product telemetry used to keep Ferret reliable. This is metadata about hunts, not the contents of your code.

Billing data: for paid plans, we use a third-party payment processor and never store full card numbers ourselves.

How we use it

We use your data to run hunts, show you results, operate and secure the service, bill you correctly, and respond to support requests. We send product and security email you can opt out of, except for essential account and billing notices.

We do not sell your personal information.

Subprocessors

We rely on a small set of infrastructure providers for hosting, error monitoring, email, and payments. Each is bound by contract to protect your data. A current list is available on request, and Enterprise agreements include change notifications.

Retention and deletion

Source code is retained only for the duration of a hunt. Account and usage metadata is retained while your account is active and for a limited period afterward for legal and accounting reasons.

You can delete your account at any time from settings or by emailing privacy@ferretlabsai.com, and we will remove your data within 30 days except where retention is legally required.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. Email privacy@ferretlabsai.com to exercise them and we will verify and respond within the timeframe the law requires.

Security

We encrypt data in transit and at rest, scope access to the minimum needed, and log administrative actions. Report a vulnerability to security@ferretlabsai.com. We read those quickly.

Changes to this policy

If we make a material change we will notify account owners by email before it takes effect. Continued use after the effective date means you accept the updated policy.

Questions? Reach us at hello@ferretlabsai.com. This document is written to be read, not to be survived.