Privacy Policy

Last updated: February 27, 2026  ·  NOMARK Pty Ltd  ·  Queensland, Australia

1. What We Collect

Website analytics: Vercel Analytics is used for privacy-respecting page view tracking without cookies. We also use Google Analytics (GA4) for aggregate usage data — page views, referrers, device type, and countries. Google Analytics cookies are only set with your consent. No advertising features or cross-site tracking are enabled. No individual user profiles are built.

CLI tool: Zero telemetry. The Sigil CLI does not phone home, does not report scan results, and does not collect usage data of any kind. It is open source — verify this yourself at github.com/NOMARJ/sigil.

Pro and Team accounts: We collect your email address and billing information. Billing is processed by Stripe — we do not store payment card numbers.

2. Package Author Data

Data sources: Public package registries (PyPI, npm, ClawHub), public GitHub repositories and profiles.

Purpose: Security transparency — enabling developers to assess risk before installing packages.

Data minimisation: Only public data is collected. No unnecessary personal data is stored. Author names and handles are sourced directly from public registries.

3. Lawful Basis (GDPR)

Legitimate interest (GDPR Article 6(1)(f)). Processing public registry metadata for community security purposes. The legitimate interest is enabling the open-source community to identify potentially malicious packages before installation.

4. How We Use It

Analytics data is used in aggregate to understand which content is useful and how the site performs. We do not build individual profiles.

Account email addresses are used for product updates, billing receipts, and support. We do not sell, share, or rent email addresses to third parties.

Package author data from public registries is used solely to provide provenance context in scan reports.

5. Third-Party Services

  • Vercel: Hosting and edge delivery
  • Stripe: Payment processing for Pro and Team plans
  • Vercel Analytics: Privacy-respecting web analytics (no cookies)
  • Google Analytics: Aggregate site usage analytics (consent required)

6. Your Rights

Under applicable data protection laws (including the Australian Privacy Act 1988 and GDPR), you have the right to:

  • Access data held about you
  • Object to processing of your data
  • Request removal of your data from scan reports
  • Request deletion of your account and associated data

7. Data Retention

Scan results: Retained indefinitely as part of the public scan database.

Personal data: Removed within 30 days on valid request. Contact security@sigilsec.ai.

8. Cookies & Analytics

We use Google Analytics (GA4) to understand how visitors use the site. Google Analytics sets cookies (_ga, _ga_GGXK0RK8R8) only after you consent via the cookie banner. IP addresses are anonymised by default. We do not enable advertising features or cross-site tracking.

We also use Vercel Analytics, which does not use cookies and collects no personally identifiable information.

For full details, see our Cookie Policy.

9. Contact

NOMARK Pty Ltd, Queensland, Australia
security@sigilsec.ai
