🚀 Launch Special: 50% off with code LAUNCH50. Offer ends Dec 31, 2026Get Started

Privacy Policy

Last updated: June 1, 2026

Cerebion LLC ("Cerebion", "we", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account and Purchase Data

  • Name, work email address, company name, job title, phone number
  • Billing information (processed by Stripe — we do not store card details)
  • License keys and subscription status

License Validation Data

  • License key and device fingerprint (for license validation only)
  • Software version and operating system type
  • Validation timestamp and frequency

Website Usage Data

  • IP address, browser type, pages visited, referral source
  • Contact form submissions and support requests

2. What We Do NOT Collect

Cerebion Rivet runs entirely on your infrastructure. We do not collect, receive, transmit, or store:

  • Source code, binaries, or files you analyze
  • Scan results, findings, or vulnerability reports
  • Certificate contents or network topology data
  • Any data from your internal systems or repositories

3. How We Use Your Data

  • License delivery: Sending license keys and activation instructions
  • License validation: Verifying active subscriptions and seat counts
  • Support: Responding to technical and billing inquiries
  • Billing: Processing payments and managing subscriptions via Stripe
  • Legal compliance: Meeting regulatory and contractual obligations
  • Product improvement: Aggregated, anonymized usage analytics only

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing necessary to deliver the Software and license
  • Legitimate interests: License validation, fraud prevention, security
  • Legal obligation: Compliance with applicable laws
  • Consent: Marketing communications (where applicable)

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: Payment processing (Stripe Privacy Policy)
  • Amazon Web Services: Infrastructure and email delivery (SES)
  • Legal authorities: When required by law or valid legal process

Third-Party AI Providers (Optional Feature)

Cerebion Rivet includes an optional AI-powered fix suggestion feature. If you choose to use this feature, code snippets from your findings are sent directly from your machine to the AI provider you configure (e.g., Google Gemini, Anthropic Claude, OpenAI, Azure OpenAI, or a self-hosted Ollama instance). Cerebion does not receive, process, or store any code or scan data transmitted to these providers. Your use of these third-party AI services is governed by each provider's own privacy policy and terms of service. This feature is entirely optional and disabled by default.

6. Data Retention

  • Account data: Retained for the duration of your subscription plus 7 years for legal/tax purposes
  • License validation logs: 90 days rolling retention
  • Website analytics: 24 months
  • You may request deletion of your data subject to legal retention requirements

7. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, email privacy@cerebion.com. We will respond within 30 days.

8. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal data). To exercise CCPA rights, contact privacy@cerebion.com.

9. International Transfers

Your data may be processed in the United States. For EU/EEA users, transfers are made under Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security assessments. However, no system is completely secure.

11. Cookies

We use essential cookies for session management and security. We do not use third-party advertising or tracking cookies. You may disable cookies in your browser settings.

12. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this policy and will notify you by email or prominent notice on our website at least 30 days before material changes take effect.

Contact

Privacy inquiries: privacy@cerebion.com
General: support@cerebion.com
Cerebion LLC, Michigan, USA