FAQ
Common questions answered
Is my code used to train AI models?
No. We use AI to explain detected issues and suggest fixes, but your code is never used to train any models. Full source code is deleted after scanning.
Can you see my actual secrets?
We detect patterns that look like secrets (API keys, passwords, tokens). We store code snippets containing these patterns so we can show you what's wrong. We recommend you rotate any exposed secrets immediately.
Can I delete my data?
Yes. You can delete individual scans from your dashboard. For complete account deletion, contact us at shieldmyapp.security@proton.me
How do I fix detected issues?
Each issue shows you exactly what's wrong and how to fix it. For dependency vulnerabilities, run the suggested npm commands. For secrets and configs, follow the step-by-step fix instructions.
Do you support private repositories?
Yes. When you authorize GitHub access, you choose which repositories to share. We only access the repositories you explicitly authorize.
What languages do you support?
We scan JavaScript, TypeScript, and their ecosystems (React, Next.js, Node.js). Our dependency scanning works with npm/yarn/pnpm package managers.
Is CLEAR the same as secure?
No. CLEAR means we didn't find issues in what we scan. We cover approximately 70% of common issues. Complex vulnerabilities, business logic flaws, and novel attacks may not be detected.
Can I use this for compliance?
ShieldMyApp is not a compliance certification tool. We help you catch common security issues, but we're not a replacement for formal security audits required by compliance frameworks.
Have a question not answered here? Contact us