Privacy and Data ProtectionPolicy
1. DATA PROCESSING AND ITS ROLES
1.1. Under the LGPD and GDPR, Micah 6 AI acts as a Data Processor regarding the source code uploaded by the User. The User acts as the Data Controller.
1.2. The Ephemeral Lifecycle: Micah 6 AI operates on a "Zero-Persistence" principle for User Content. We do not store your source code beyond the immediate processing window.
1.3. Automatic Deletion: Once the technical report is generated and delivered to your session, the underlying source code files are programmatically purged and permanently deleted from our active production environment.
1.4. Human Access Restriction: Micah 6 AI personnel do not access, read, or review the uploaded source code during the automated analysis process. Access to User Content is strictly prohibited except in the limited circumstance where the User explicitly requests technical support and provides written authorization for such access.
2. DATA SECURITY AND ENCRYPTION
2.1. Encryption in Transit: All User Content is transmitted from the User's browser to the Service’s infrastructure using Transport Layer Security (TLS 1.2 or higher) protocols.
2.2. Encryption at Rest: Any data temporarily residing within our cloud database is encrypted at rest using AES-256 encryption standards provided by the infrastructure sub-processor.
2.3. No Persistent Storage: Micah 6 AI utilizes an Ephemeral Processing Model. Once the technical report is generated and the session is terminated or the PDF is successfully delivered, the uploaded source code is automatically and permanently deleted from all active production databases and transient storage.
2.4. No Model Training: We expressly confirm that your uploaded source code is processed via secure APIs and is not utilized by Micah 6 AI or its sub-processors to train or improve foundational AI models.
3. SUB-PROCESSORS AND INFRASTRUCTURE
3.1. To provide the Service, Micah 6 AI engages specialized third-party sub-processors. 3.2. These partners are selected based on their compliance with international security standards (SOC2, ISO 27001).
3.3. Cloud Infrastructure: We utilize enterprise-grade hosting and database providers to ensure data is encrypted at rest and in transit.
3.4. AI Analysis: Code analysis is performed by leading generative AI infrastructure providers via secure API (no data is used for model training).
3.5. Payments: All financial data is handled by a PCI-DSS compliant payment gateway.
3.6. The up-to-date list of our specific sub-processors contains Supabase, MongoDB, Google, Anthropic, OpenAI, Stripe, Paypal, Streamlit, Taipy, Supabase, and AWS, and their use vary according to the service availability and user region.
4. ANONYMIZED METADATA & RESEARCH
Micah 6 AI reserves the right to retain fully anonymized, de-identified metadata (e.g., aggregate vulnerability frequencies or architectural patterns). This metadata contains no code snippets, PII, or identifiable markers and is used for academic research and industry benchmarking.
5. INTERNATIONAL DATA TRANSFERS AND STORAGE JURISDICTION
5.1. Flexible Hosting: Micah 6 AI utilizes a global cloud infrastructure to ensure Service availability and performance. You acknowledge and consent that your data (including account metadata and transient source code) may be processed and stored in various jurisdictions, including but not limited to Brazil and the United States.
5.2. Compliance with Transfer Frameworks: All international transfers of data are conducted in strict accordance with:
-
LGPD (Art. 33): Ensuring the receiving country provides a level of data protection equivalent to Brazilian law.
-
GDPR (Chapter V): Utilizing Standard Contractual Clauses (SCCs) or existing Data Privacy Frameworks for transfers from the EEA to the US.
-
Sub-processor Standards: We only utilize sub-processors (e.g., Supabase, Google, Stripe) that maintain SOC2 Type II certification and provide robust cross-border data protection safeguards.
5.3. Academic Data Residency: Anonymized, aggregated metadata used for research purposes may be stored indefinitely in flexible jurisdictions to facilitate international academic collaboration and benchmarking.
6. DATA SUBJECT RIGHTS
6.1. Right to Erasure (Deletion): In accordance with LGPD (Art. 18) and GDPR (Art. 17), Users may request the permanent deletion of their personal data (Account Metadata) at any time by contacting [info@micah6ai.com].
6.2. Automatic Deletion vs. Manual Request: As per Section 1.2, Proprietary Source Code is purged automatically upon report delivery. Therefore, a manual deletion request is not required for source code. Manual requests apply to account history, email addresses, and identification markers.
6.3. Access and Correction: Users have the right to obtain a copy of their personal data held by Micah 6 AI and to correct any inaccuracies.
7. DATA COLLECTION AND USE
7.1. Voluntarily Provided PII: When you request contact, a demo, or subscribe to our newsletter, we may collect personal identifying information (PII) including: Name and Last Name, Professional Email Address, Phone Number, and Company Name.
4.2. Marketing and Communications: If you provide explicit consent (Opt-In), we may use your email to share promotional content, newsletters, and service updates. You may revoke this consent at any time via the "Unsubscribe" link in any communication or by emailing [info@micah6ai.com].
7. COOKIES AND BEHAVIORAL TRACKING
7.1. We use essential session cookies to maintain your encrypted connection and process your upload: Necessary for the "Secure Checkout" and upload functionality.
7.2. Behavioral Analytics (Hotjar): We use Hotjar to understand user needs and optimize the Service. Hotjar uses cookies to collect data on user behavior and devices (IP address in anonymized form, screen size, browser info, geographic location).
7.3. Marketing Tags (Meta Pixel & GTM): We use these tools to measure the effectiveness of our advertising and to provide relevant content to users who have interacted with our platform. No proprietary source code is ever shared with these marketing sub-processors.