Privacy Policy

We don't store your data. NPMScan analyzes packages in real time and discards everything right after generating the report.

What we collect as a normal user

  • Nothing.
  • No tracking.
  • No ads.
  • No analytics that follow you around the internet. We only store your email if you subscribe to our newsletter or marketing updates β€” and you can unsubscribe anytime.

Enterprise customers

If you use our enterprise services, you may voluntarily provide project-related information so we can help with your security needs.

We follow three strict rules:

  • We only keep the data you choose to share.
  • We delete everything immediately when:
    • you stop paying for the service,
    • you request deletion,
    • or the system determines it's no longer needed and auto-clears it.
  • We never access your data for any reason other than helping you identify security issues.

No third-party selling or sharing

  • We don't sell, rent, or trade your information.
  • We don't run ads.
  • We don't participate in any tracking networks.

Regional compliance

We respect the privacy laws of every jurisdiction we operate in. Here is what that means for you specifically.

πŸ‡ΊπŸ‡ΈUnited StatesCCPA & US Privacy Laws
  • We comply with the California Consumer Privacy Act (CCPA) and applicable US federal privacy laws.
  • We do not sell, share, or trade your personal information with third parties for commercial purposes.
  • California residents may request to know what data we hold, request its deletion, and opt out of any data sale β€” we hold none to sell.
  • The only personal data we ever collect is an email address you voluntarily submit for newsletter updates, which you can remove at any time.
πŸ‡¬πŸ‡§United KingdomUK GDPR & Data Protection Act 2018
  • We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
  • UK residents have the right to access, correct, erase, restrict, and port any personal data we hold about them.
  • Our lawful basis for processing any personal data is either legitimate interest or your explicit prior consent.
  • You may raise a concern with the Information Commissioner's Office (ICO) at ico.org.uk at any time.
πŸ‡ͺπŸ‡ΊEuropean UnionGDPR (Regulation 2016/679)
  • We comply with the EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
  • EU/EEA residents hold the right to access, rectify, erase, restrict, and port their personal data, and to object to processing.
  • We apply the data-minimisation principle β€” we process only the absolute minimum personal data necessary.
  • You may lodge a complaint with your national Data Protection Authority (DPA) at any time.

Your rights

  • Ask us to delete your stored enterprise data at any time.
  • Unsubscribe from emails at any time.
  • Contact us with privacy questions whenever you need.

Contact

If you have questions or want your data removed, contact us:Β shyngys@blockhacks.io