Data Flow & AI Processing
Plain-language complement to our Privacy Policy. When the two ever appear to conflict, the Privacy Policy is legally binding; this page exists to make the same facts visible without a legal-document reading.
your env → us
Scanner findings (CVE, file path, snippet) · Repo metadata · CI/CD configs · AWS topology metadata · ECR image digests · Tenant repositories cloned into ephemeral workers for scan and analysis jobs
us → Anthropic
Rule identifiers · File paths · Configuration files or snippets · Finding metadata · Relevant source files or excerpts from the cloned repo when needed for classification, narrative, or reachability analysis
not requested
Application secrets · Environment variables · Customer data inside your services · Database contents · DB credentials · Known secret patterns before AI calls, when detected
| Integration | Permission scope | Justification | What we cannot do |
|---|---|---|---|
| GitHub App | contents:read, metadata:read, checks:read, pull_requests:read on selected repos | Clone selected repositories into VigilChain workers for transient scan and analysis jobs; read CI status; read PR metadata for owner mapping | Push, merge, delete, modify branch protection, install other apps |
| AWS cross-account IAM role | Read-only on EC2, ECS, ECR, ELB, IAM, CloudWatch, S3 metadata. Trust policy requires our account ID + external-id | Discover topology to map deployment chain | Create, modify, or delete any resource in your AWS account |
| Scanner outputs (SAST / SCA / cloud posture) | Generated by VigilChain workers from cloned repos, dependency and container metadata, and read-only cloud metadata | Produce findings for deployment-chain ranking | Access scanner credentials; require you to modify your CI workflow for SAST results |
| Jira / Linear / GitHub Issues | Write-scoped to the project you specify | Create and update tickets for findings | Read other projects, modify project settings, delete tickets you didn't author |
| Category | Stored where | Retained how long | Encryption |
|---|---|---|---|
| Source code (transient) | Worker checkout + scratch volume during scan and analysis job | Duration of scan or analysis job, then purged | TLS 1.2+ in transit; encrypted scratch volume |
| Scanner findings (CVE, path, snippet) | Tenant DB row | Life of finding (or until you delete it) | AES-256 (RDS, KMS) |
| Asset metadata (repo names, ECR digests, ALB DNS, task defs) | Tenant DB row | Life of account | AES-256 |
| Account & user data | Tenant DB row | Life of account; deleted within 60 days of closure | AES-256 |
| Audit logs | Tenant DB row | 7 years | AES-256 |
| RDS backups | AWS RDS snapshots | 30 days | AES-256 (KMS) |
| AI prompts (sent to Anthropic) | Anthropic infrastructure | Up to 30 days under standard terms (subject to ZDR negotiation) | Anthropic-controlled |
Rule classification. Rule ID, scanner name, and rule description text. Used to map vendor rules to canonical VC taxonomy.
Dedup confirmation. Rule IDs and metadata for the candidate cluster. Usually only the cluster's metadata, though AI-assisted analysis may inspect related source files from the cloned repository when needed to resolve an ambiguous match.
Repo deployment-chain analysis. CI/CD config files (.github/workflows/*.yml, Dockerfile, infra-as-code like Terraform *.tf). These configuration files may be inspected from the cloned repository to map build, image, and deployment relationships.
Finding narrative + reachability. File path, rule context, and relevant source code from the cloned repository when needed to explain the finding or assess code-path reachability. The amount of context depends on the rule, language, and repository structure.
Reachability today is deployment-chain reachability (deterministic) plus AI-assisted code-path analysis (advisory). Not deterministic call-graph reachability today. Anthropic standard API terms apply today; prompts may be retained up to 30 days for trust-and-safety. ZDR is in negotiation. Per-tenant AI disable is on the roadmap.
| Control | Today | Roadmap |
|---|---|---|
| Per-tenant AI disable | — | planned |
| ZDR with Anthropic | in negotiation | — |
| Private model / on-prem inference | — | not committed |
| Snippet-window size cap | 30 lines | configurable per tenant |
| Pre-AI secret redaction | ✓ | — |
The Privacy Policy is the legally binding policy. Our Security page covers responsible disclosure and safe harbor. A DPA is available on request at legal@vigilchain.com.