Privacy Policy
Effective Date: March 1, 2026 · Last Updated: March 1, 2026
Cuper.ai ("Cuper", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.
1. What We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — for authentication and communication
- Name (optional) — for personalization
- Password — stored securely as a hash (we never see or store plaintext passwords)
1.2 Device Scan Data
When you use Cuper's desktop application, the scanner analyzes your device locally. Specifically:
- Agent names and config paths — which AI agents are installed and their configuration file locations
- Security findings — misconfigurations, permission issues, and risk scores
- System metadata — OS type and hostname (for device identification only)
Important: Scan processing happens entirely on your device. Scan results are only sent to our servers if you opt into Premium features like Remote Control, Sync, or Cloud Reports. Free users' data never leaves their device.
1.3 Payment Information
If you subscribe to Premium, payments are processed by Stripe. We never see or store your full credit card number. We only receive a Stripe customer ID and subscription status.
1.4 Usage Data
We may collect anonymous, aggregated usage statistics (e.g., number of scans run, feature usage) to improve the product. This data cannot identify individual users.
2. How We Use Your Data
- Provide the service — authenticate you, run security scans, deliver findings
- Sync across devices — if you enable Remote Control or multi-device features (Premium)
- Send alerts — notify you of security changes on your devices (Premium)
- Process payments — manage your subscription via Stripe
- Improve the product — understand how features are used and fix bugs
- Communicate — send critical security notices or account-related emails
We never sell, rent, or trade your personal data to third parties for marketing purposes.
3. Data Storage & Security
- Account and profile data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) — each user can only access their own data
- All data in transit is encrypted via TLS/HTTPS
- Passwords are hashed using Supabase Auth's bcrypt implementation
- API endpoints are rate-limited and protected by authentication tokens
- Scan data processed locally never leaves your device unless you explicitly sync it
4. Third-Party Services
We use the following third-party services:
- Supabase — database, authentication (hosted on AWS)
- Stripe — payment processing
- OpenAI — Cuper Guard AI (Premium feature; your scan context may be sent to OpenAI's API to generate personalized security advice)
- Vercel — website and API hosting
Each third-party service has its own privacy policy. We encourage you to review them.
5. Data Retention
- Account data — retained as long as your account is active. Deleted upon account deletion request.
- Scan reports — retained for up to 90 days per user (auto-pruned).
- Config backups — retained for up to 50 backups per user (auto-pruned).
- Alerts — retained for up to 200 per user (auto-pruned).
6. Your Rights
You have the right to:
- Access your data — view your profile and stored scan data at any time
- Correct your data — update your profile information
- Delete your data — request complete account and data deletion by emailing us
- Export your data — download your scan reports and findings
- Withdraw consent — disable cloud sync features at any time
To exercise any of these rights, contact us at privacy@cuper.ai.
7. Cookies
The Cuper.ai website uses minimal cookies for essential functionality only:
- Authentication cookies — to keep you signed in
- We do not use advertising cookies or third-party tracking cookies
8. Children's Privacy
Cuper is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We'll notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of Cuper after changes constitutes acceptance.
10. Contact
For privacy-related questions, contact us at: