Privacy Policy
Last Updated: March 1, 2026
1. Introduction
Firepan, Inc., a Delaware corporation ("Firepan," "we," "us," or "our"), provides AI-powered smart contract security analysis, monitoring, and auditing services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information and other data when you access or use our website (firepan.com), APIs, command-line tools, and any related services.
By accessing or using the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, you must not access or use the Services. If you are using the Services on behalf of an organization, you represent and warrant that you have authority to bind that organization to this Privacy Policy.
2. Information We Collect
Account Information
- Email address
- Name
- Company or organization name
Blockchain and Wallet Data
- Public wallet addresses you provide or that are associated with analyzed contracts
- On-chain transaction data related to analyzed smart contracts
- We do not request or store private keys, seed phrases, or signing credentials
Code and Project Data
- Smart contract source code you submit for analysis
- Repository URLs and metadata
- Analysis results and security findings
- Compiled bytecode or ABI data you submit or that we retrieve from public blockchains
Public Repository Data
- Publicly available code from GitHub and other public repositories
- Organization and developer contact information from public sources
- Repository metadata (stars, commits, contributors)
Usage Data
- Log files and analytics data
- Feature usage patterns
- API call records
- Device and browser information
- IP addresses and approximate geolocation derived from IP
Payment Information
- Payment details are processed by Stripe
- We do not store full credit card numbers on our servers
- We may retain the last four digits of your card, card type, and billing address for support and fraud-prevention purposes
3. Public Repository Scanning
Important Notice Regarding Automated Scanning: Firepan scans publicly available GitHub repositories and other public code sources as part of our security research, vulnerability disclosure, and business development activities.
- We analyze public repositories to identify smart contract projects and potential security issues
- We may contact developers and organizations based on our analysis of their public repositories
- This outreach is based on publicly available information. Our legal basis under GDPR is legitimate interest (Article 6(1)(f)) in providing security services to the blockchain ecosystem. We have conducted a Legitimate Interest Assessment (LIA), which is available upon request
Your Rights:
- You can opt out of receiving communications from us at any time
- We maintain a suppression list for organizations that do not wish to be contacted
- To opt out, email us at privacy@firepan.com with "Opt Out" in the subject line
- We will process your opt-out request within 10 business days
- Opt-out applies to marketing communications only; we may still process publicly available code for security research purposes, subject to applicable law
4. How We Use Your Information
We use the information we collect to:
- Provide security analysis and scanning services
- Generate vulnerability reports and security findings
- Send you alerts about security issues in your code
- Process payments and manage your subscription
- Send marketing communications (with your consent or based on legitimate interest)
- Improve our services through aggregate analytics
- Comply with legal obligations
- Protect against fraud and abuse
- Enforce our Terms of Service and other agreements
- Respond to lawful requests from law enforcement and regulatory authorities
- Conduct internal research and development to improve our AI models and detection capabilities, using only anonymized and aggregated data unless we have obtained your explicit written consent
5. AI Processing and Third-Party Providers
AI Analysis
Your code is processed using artificial intelligence technologies to identify potential vulnerabilities. This processing involves third-party AI providers. AI-generated findings are probabilistic and may contain false positives or false negatives. Firepan's AI analysis does not constitute a guarantee of security, a formal audit opinion, or professional engineering advice.
Third-Party AI Providers
We use the following AI providers to analyze code:
- DeepSeek — AI analysis services
DeepSeek is operated by an entity based in the People's Republic of China. By using Firepan's Services, you acknowledge that your code may be processed by DeepSeek in or from jurisdictions outside the United States, including China, which may have different data protection standards. Enterprise customers may opt out of DeepSeek processing by contacting us.
- OpenAI — AI analysis services
- Anthropic — AI analysis services
Each provider has its own privacy policy and data handling practices. We contractually require these providers to:
- Process your code only for analysis purposes
- Not use your code to train their general-purpose models
- Maintain appropriate security measures
- Delete or return your code upon completion of processing or within 30 days, whichever is sooner
- Notify Firepan promptly in the event of a data breach affecting your code
- Comply with our Data Processing Addendum (DPA), available upon request
Our Commitment
- We do not train our own proprietary models on customer code without explicit written consent
- We do not sell your code or analysis results to third parties
- We maintain a sub-processor list, available at firepan.com/sub-processors, and will notify customers of material changes to our sub-processor list at least 30 days in advance
6. Other Third-Party Services
We use additional third-party services to operate our platform:
- GitHub API — Repository scanning and integration
- Stripe — Payment processing
- SendGrid — Email communications
- Vercel and DigitalOcean — Website hosting
- Analytics providers (e.g., Google Analytics, Mixpanel, or similar) — Usage analytics
Each service processes data according to its own privacy policy. Additional services may be added or removed as deemed necessary.
7. Data Retention
We retain your data according to the following schedule:
| Data Type | Retention Period |
|---|---|
| Analysis results | 90 days after project completion for free-tier users; duration of active subscription plus 90 days for paid-tier users; or as otherwise specified in your Enterprise agreement |
| Submitted code | Deleted within 30 days of analysis completion |
| Account data | While account is active + 90 days after deletion request |
| Marketing contact data | Until you opt out |
| Payment records | As required by law (typically 7 years) |
| Blockchain-related data | Retained for the duration of the subscription plus 1 year, as this data is necessary for historical analysis and audit trail purposes |
| Aggregated and anonymized data | May be retained indefinitely for research, analytics, and service improvement purposes |
8. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and personal data
- Opt-out: Unsubscribe from marketing communications
- Portability: Export your security reports and analysis data
- Object: Object to processing based on legitimate interest
- Restriction: Request restriction of processing in certain circumstances
- Non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at privacy@firepan.com. We will respond to verifiable requests within 30 days (or 45 days with notice if reasonably necessary).
8A. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Correct: You have the right to request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to purposes necessary to provide the Services
To submit a CCPA request, contact privacy@firepan.com. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
9. International Users
GDPR (European Economic Area and UK)
If you are in the EEA or UK, our legal bases for processing are:
- Contract: Processing necessary to provide services you requested
- Legitimate Interest: Business operations, security, and B2B marketing
- Consent: Marketing communications where required
- Legal Obligation: Compliance with applicable laws and regulations
Your Additional Rights:
- Right to lodge a complaint with a supervisory authority
- Right to object to direct marketing at any time
- Right to restrict processing in certain circumstances
- Right to data portability in a structured, commonly used, machine-readable format
International Data Transfers
Firepan is based in the United States. If you are accessing our services from outside the US, your data will be transferred to and processed in the US.
For transfers from the EEA/UK, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Other lawful transfer mechanisms as appropriate
- The EU-U.S. Data Privacy Framework, where applicable
For transfers to third-party AI providers operating outside the EEA/UK (including providers in China), we implement supplementary measures including encryption in transit, contractual restrictions on onward transfer, and, where possible, pseudonymization of code prior to transmission.
10. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Functions: Site functionality, authentication, security
- Analytics: Understanding how users interact with our services
- Preference Cookies: Remembering your settings and preferences
Where required by law, we obtain consent before placing non-essential cookies. You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings.
11. Children's Privacy
The Services are designed for business and professional use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a person under 18, we will take reasonable steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@firepan.com.
12. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for stored data
- Secure API key management
- Access controls and authentication
- Regular security assessments
- SOC 2 Type II compliance (or in progress) for organizational security controls
- Employee security training and background checks
- Incident response procedures and disaster recovery plans
However, no system is completely secure. We cannot guarantee absolute security of your data.
12A. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach
- Notify relevant supervisory authorities as required by applicable law
- Provide information about the nature of the breach, the data affected, and the steps we are taking to address it
- Take immediate steps to contain and remediate the breach
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
For material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of the Services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised policy, you must stop using the Services and may request deletion of your account.
14. Contact Us
For questions about this Privacy Policy or our data practices:
Email: privacy@firepan.com
For inquiries related to the General Data Protection Regulation (GDPR), please contact us directly at the email address above. Firepan, Inc. is a U.S.-based entity.
15. Dispute Resolution
Any dispute arising out of or relating to this Privacy Policy shall be resolved in accordance with the dispute resolution provisions set forth in our Terms of Service at firepan.com/terms. To the extent permitted by applicable law, you agree to resolve disputes individually and waive any right to participate in a class action.
16. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry-wide standard for compliance. We will update this policy if a standard is established.
17. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions, except where superseded by applicable data protection laws (such as the GDPR for EEA/UK residents or the CCPA for California residents).
If you have any questions about this Privacy Policy, please contact us.