Privacy Policy

Effective: March 15, 2026

What is Dojigiri?

Dojigiri is a static analysis security scanner provided as a SaaS API by Mythral Technologies Inc. You submit code snippets via the API, we scan them for vulnerabilities, and return the results. This policy explains what data we collect, how we use it, and what we don't do.

Data we collect

Email address — collected at sign-up to create your account, issue and manage your API key, and verify your identity via email confirmation token.
Scan metadata — timestamps, language detected, line count, number of findings, response times. Used for rate limiting, usage tracking, and service improvement.
Rate limit data — request counts and timing per API key to enforce plan limits.
IP addresses — logged temporarily for security and abuse prevention. Not stored in the application database. Retained in server logs per our infrastructure provider's retention policy.

Code you submit

When you send code snippets to the Dojigiri API, your code is processed server-side to perform static analysis. We do not store your submitted code after scanning completes. Code exists in memory only for the duration of the scan and is discarded once results are returned.

We do not use your code to train models, build datasets, or for any purpose beyond performing the scan you requested.

Data we do NOT collect

We do not use cookies on the landing page. API authentication uses API keys, not browser sessions.
We do not collect or store your source code beyond the duration of a scan.
We do not track you across websites.
We do not store credit card numbers or payment details (see Third-Party Services below).

Third-party services

Stripe — Paid plans are billed through Stripe, Inc. Your payment information is collected and processed directly by Stripe. We do not store credit card details. Stripe's handling of your data is governed by the Stripe Privacy Policy.
Google Fonts — Our website loads fonts from Google Fonts, which may transmit your IP address to Google. See Google's Privacy Policy.
Cloudflare — Used for CDN, DNS, and security (DDoS protection). Cloudflare may process your IP address and request metadata. See Cloudflare's Privacy Policy.
Railway — Our infrastructure provider. See Infrastructure section below.

Data sharing

We do not sell, rent, or share your personal data with third parties except as described above (Stripe for payment processing). Your data is only accessed by Mythral Technologies Inc. for the purpose of operating the Dojigiri service.

Infrastructure

Dojigiri is hosted on Railway using US-based infrastructure. All API traffic is encrypted in transit via TLS. Data at rest (account info, scan metadata) is stored in encrypted databases on the same infrastructure.

If you are located in the EU/EEA, your data is transferred to the United States. This transfer is necessary for the performance of our contract with you (Art. 49(1)(b) GDPR).

Data retention

Account data (email, API key hash) — retained while your account is active. Deleted upon request.
Scan metadata — retained for up to 90 days for usage analytics, then purged.
Submitted code — not retained. Discarded immediately after scan completion.
Server logs — which may include IP addresses and request metadata, are retained per our infrastructure provider's default retention policy (typically 7 days for Railway).

Your rights

You can request deletion of your account and all associated data at any time by contacting us. We will process deletion requests within 30 days.

Regulatory framework

PIPEDA (Canada) — As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act. You have the right to access, correct, and request deletion of your personal information.
GDPR (European Union) — If you are located in the EU/EEA, our lawful basis for processing your personal data is contract performance (providing the service you signed up for). For scan metadata retained for service improvement, our lawful basis is legitimate interest (Art. 6(1)(f) GDPR). You may object to this processing by contacting us. You have the right to access, rectify, erase, restrict processing, and port your data. To request a copy of your data in a portable format, contact us at tattoo.laforge@gmail.com. We will provide your data in JSON format within 30 days. To exercise these rights, contact us at the address below.
CCPA (California) — If you are a California resident: we do not sell your personal information. You have the right to know what data we collect, request deletion, and opt out of any sale (though we do not sell data). We do not discriminate against users who exercise their privacy rights.
Quebec (Law 25) — The person responsible for the protection of personal information at Mythral Technologies Inc. is Stephane Perez, reachable at tattoo.laforge@gmail.com. In the event of a confidentiality incident involving your personal information, we will notify the Commission d'accès à l'information du Québec and affected individuals as required by Law 25. Privacy impact assessments are conducted as required when implementing new personal information collection practices.

Data Breach Response

If we become aware of a breach involving your personal data, we will notify affected users and relevant authorities in accordance with applicable law, including within 72 hours where required by GDPR and as soon as feasible under PIPEDA.

Security

We take reasonable measures to protect your data, including TLS encryption for all API traffic, SHA-256 hashing of API keys, scoped authentication, and infrastructure-level isolation. If you discover a security issue, please report it to tattoo.laforge@gmail.com.

Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated via the email associated with your API key. Continued use of the API after changes constitutes acceptance.

Contact

Questions about this policy or your data? Contact us:

Mythral Technologies Inc.
Montreal, Quebec, Canada
Email: tattoo.laforge@gmail.com