The short version
Ferret needs to read your code to hunt bugs in it. We read it in an isolated sandbox, we do not train models on it, and we delete it when the hunt is done. Enterprise customers can run the whole thing inside their own network so nothing leaves at all.
This policy explains what we collect, why, and the controls you have. If anything here is unclear, email privacy@ferretlabsai.com and a human will answer.
Your source code
To analyze a repository, Ferret clones it into a per-repo sandbox that is isolated from other customers and destroyed after the hunt completes. Source is held only for the duration of analysis.
We do not use your source code, tests, or fixes to train machine learning models, and we do not share it with third parties for their own purposes. On the Enterprise plan, analysis runs entirely within your infrastructure and your code never crosses your network boundary.
What we collect
Account data: your name, work email, organization, and authentication identifiers from Google or your SSO provider.
Usage data: which repositories you connect, when hunts run, how many defects are caught, and product telemetry used to keep Ferret reliable. This is metadata about hunts, not the contents of your code.
Billing data: for paid plans, we use a third-party payment processor and never store full card numbers ourselves.
How we use it
We use your data to run hunts, show you results, operate and secure the service, bill you correctly, and respond to support requests. We send product and security email you can opt out of, except for essential account and billing notices.
We do not sell your personal information.
Subprocessors
We rely on a small set of infrastructure providers for hosting, error monitoring, email, and payments. Each is bound by contract to protect your data. A current list is available on request, and Enterprise agreements include change notifications.
Retention and deletion
Source code is retained only for the duration of a hunt. Account and usage metadata is retained while your account is active and for a limited period afterward for legal and accounting reasons.
You can delete your account at any time from settings or by emailing privacy@ferretlabsai.com, and we will remove your data within 30 days except where retention is legally required.
Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data. Email privacy@ferretlabsai.com to exercise them and we will verify and respond within the timeframe the law requires.
Security
We encrypt data in transit and at rest, scope access to the minimum needed, and log administrative actions. Report a vulnerability to security@ferretlabsai.com. We read those quickly.
Changes to this policy
If we make a material change we will notify account owners by email before it takes effect. Continued use after the effective date means you accept the updated policy.
Questions? Reach us at hello@ferretlabsai.com. This document is written to be read, not to be survived.