The short version
We collect your email address, your encrypted scan results, and anonymous usage analytics. That is it. Your source code never leaves your browser. We do not sell your data. We do not train AI on your data unless you explicitly opt in. Scan results are deleted after 30 days. You can export or delete everything at any time.
Who we are
X185Plus is a deterministic code governance platform operated by a solo developer in Australia. You scan your code, receive verified repairs, and earn Gold Certificates. This policy explains what personal data we handle and why.
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you are in the European Union or United Kingdom, we also comply with the GDPR.
What we collect
- Your email address. Used to create your account, sign you in, and send essential service messages. Nothing promotional unless you ask for it.
- Encrypted scan results. The findings and repair outcomes from your scans. These are stored encrypted and deleted automatically after 30 days.
- Anonymous usage analytics. Aggregate data about how the platform is used, such as which features are popular. This data is not tied to your identity. You can opt out in your account settings.
What we do not collect
- Your source code. Scans run entirely in your browser. Your code is never uploaded to our servers, never stored by us, and never visible to us.
- Your browsing history. We do not track what you do outside X185Plus.
- Your IP address. We collect IP addresses only for short-lived security logging used to detect abuse and protect accounts. Security logs are not used for profiling or marketing.
- Your payment card details. Payments are handled entirely by Stripe. Card numbers never touch our systems and we never see them.
How we use your data
We use your data only to run the service. That means creating and securing your account, storing your scan results for the 30 day retention window, processing subscription payments through Stripe, and improving the product using anonymous analytics.
We do not sell your personal data. We do not share it with third parties for their own purposes. We do not use your data to train AI models unless you give explicit opt-in consent, and you can withdraw that consent at any time.
Services we rely on
A small number of trusted providers help us run X185Plus. Each one only receives the minimum data needed to do its job.
- Supabase. Provides authentication and our database. Your email address and encrypted scan results live here.
- Stripe. Processes payments. Stripe handles all card data under its own privacy policy and PCI compliance. We only see whether a payment succeeded.
- Cloudflare Pages. Hosts this website.
Some of these providers store data outside Australia. Where that happens, we take reasonable steps to ensure your data receives protection consistent with the APPs. Where the GDPR applies, we rely on appropriate safeguards. These include standard contractual clauses.
Cookies
We use essential session cookies only. These keep you signed in and keep the service secure. There are no tracking cookies. There are no advertising cookies. There are no third-party marketing scripts. Because we only use essential cookies, there is no cookie banner to click through.
How long we keep your data
- Scan results. Kept for 30 days, then automatically and permanently deleted.
- Account data. Kept until you delete your account. When you delete your account, your personal data is removed from our systems.
- Security logs. Kept only as long as needed to protect the service, then discarded.
Your rights
You are in control of your data. At any time you can:
- Export your data. Request a copy of the personal data we hold about you in a portable format.
- Delete your account. This removes your personal data from our systems.
- Opt out of analytics. Toggle it off in your account settings.
- Correct your details. Update your email address from your account.
- Withdraw consent. If you opted in to anything, you can opt back out.
Under the GDPR you also have the rights of access, rectification, erasure, restriction, portability, and objection. To exercise any right, email us and we will respond within 30 days.
If you believe we have mishandled your data, you can complain to us first. You can also complain to the Office of the Australian Information Commissioner (OAIC). If you are in the EU or UK, you can complain to your local data protection authority.
Security and data breaches
Scan results are stored encrypted. Access to production systems is restricted and authenticated. Payments are isolated with Stripe so card data never enters our infrastructure.
If a data breach occurs that is likely to result in serious harm or risk to your rights, we will notify you and the relevant regulator within 72 hours of becoming aware of it. This is required by the GDPR and the Australian Notifiable Data Breaches scheme.
Children
X185Plus is a professional developer tool and is not directed at children under 16. We do not knowingly collect data from children.
Changes to this policy
If we change this policy, we will update the date at the top of this page. For significant changes, we will email you before they take effect. We will never quietly weaken your protections.
Contact
Questions, requests, or concerns about your privacy can be sent to [email protected]. A human reads every message.