How We Handle Your Code
What we do, what we store, and what we don't
Our approach
ShieldMyApp is built with one assumption: you don't trust us by default — and you shouldn't. We designed our system to minimize what we access and store.
What we access
- Repository source code (read-only, and only for the duration of the scan)
- package.json and lock files (for dependency analysis)
- Configuration files (for security pattern detection)
What we store
- Code snippets: only the lines on which an issue was detected
- Scan results: issue type, severity, file path, recommendation
- Metadata: repository name, scan timestamp, verdict
What we don't store
- Full source code: deleted as soon as the scan completes
- Git history: we only analyze the current state of the repository
- Your actual secrets: we detect patterns, we do not extract or keep the values
- Environment files: we do not read your .env files
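The two statements above (we keep the lines on which issues were found, but not secret values) only hold together if the matched value is redacted before the snippet is written anywhere. The following is an added illustration of that scanning model, not ShieldMyApp's own code: the file map, the two detection rules and the "<redacted>" marker are constructed for the example, and the pattern matcher records the file path, line number, rule and a redacted copy of the line while the raw value never leaves the scanning function. Files named .env are skipped before they are read.

```python
import re
from dataclasses import dataclass

# Constructed sample repository for the example (path -> file contents).
# The AWS-style key below is the documented example key, not a live credential.
SAMPLE_REPO = {
    "src/config.py": 'API_KEY = "AKIAIOSFODNN7EXAMPLE"\nDEBUG = True\n',
    "src/db.py": 'password = "hunter2"\nconn = connect(password=password)\n',
    "README.md": "Set AWS_ACCESS_KEY_ID in your environment.\n",
    ".env": 'DB_PASSWORD="supersecret"\n',
}

# Hypothetical detection rules. A rule with a capture group redacts only the
# captured value; a rule without one redacts the whole match.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_password": re.compile(r"""(?i)\bpassword\s*=\s*["']([^"']+)["']"""),
}

SEVERITY = {"aws_access_key": "high", "hardcoded_password": "high"}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    severity: str
    snippet: str  # the offending line with the secret value replaced


def is_env_file(path: str) -> bool:
    """True for .env, .env.local, etc. These are never read."""
    return path.split("/")[-1].startswith(".env")


def redact(line: str, match: re.Match) -> str:
    """Replace the secret value (capture group 1 if present) with a marker."""
    start, end = match.span(1) if match.lastindex else match.span(0)
    return line[:start] + "<redacted>" + line[end:]


def scan(files: dict) -> list:
    """Pattern-scan every non-env file; return findings with redacted snippets.

    The raw line is only held in this function's local scope; what is
    returned (and therefore what could be stored) never contains the value.
    """
    findings = []
    for path, text in files.items():
        if is_env_file(path):
            continue
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, regex in PATTERNS.items():
                match = regex.search(line)
                if match:
                    findings.append(
                        Finding(path, line_no, rule, SEVERITY[rule], redact(line, match))
                    )
    return findings


def to_record(finding: Finding) -> dict:
    """The shape of what a scanner in this model would persist: no raw values."""
    return {
        "file": finding.path,
        "line": finding.line_no,
        "issue": finding.rule,
        "severity": finding.severity,
        "snippet": finding.snippet,
    }


if __name__ == "__main__":
    for f in scan(SAMPLE_REPO):
        print(to_record(f))
```

Running the block prints one record per detected line; the printed snippets read `API_KEY = "<redacted>"` and `password = "<redacted>"`, and nothing from `.env` appears because that file is skipped before any line is read. A real scanner would add many more rules and entropy checks, but the invariant worth testing is the same: no value matched by a secret rule may appear in anything the scanner returns.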
What we don't do
- Push code directly to your repository
- Auto-deploy or trigger any CI/CD pipelines
- Access issues, wikis, or repository settings
- Use your code to train AI models
- Share your code with third parties
Fix guidance
We provide step-by-step instructions and ready-to-run commands for fixing each detected issue. You decide what to fix and when; we never change your code automatically.
Questions? Contact us at shieldmyapp.security@proton.me