Trust and privacy

Built to answer the scary questions plainly.

Sivero is for teams that want to understand security risk without wondering whether the scanner itself is turning their code into a permanent asset. This page explains the trust model in plain language.

What this means

How Sivero handles source code

Raw pasted code is processed for the scan, but not stored in your account.

ZIP uploads are filtered in the browser first so non-scannable files never leave your machine.

Saved reports store findings, scan metadata, and your own triage states - not a permanent copy of your source code.

GitHub App access is meant for scanning repositories you explicitly connect, not broad background collection.

The practical promise

What to expect

You should always be able to explain to your team what was stored and what was not.

You should always be able to remove saved reports you no longer want in your history.

You should not need to understand AppSec jargon to know whether something is safe to release.
