Privacy Policy

Last Updated: January 17, 2025

Overview

Pantheon Security ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use MEDUSA, our open-source security scanning tool, and visit our website.

Information We Collect

MEDUSA CLI Tool

MEDUSA is designed with privacy in mind:

• No data collection: MEDUSA does not collect, transmit, or store any information about your code, scan results, or usage patterns.
• Local-only processing: All scanning occurs entirely on your local machine.
• No telemetry: We do not track usage statistics, error reports, or analytics from the CLI tool.
• No accounts required: MEDUSA does not require registration or authentication.

Website (pantheonsecurity.io)

When you visit our website, we may collect:

• Basic analytics: Page views, browser type, and referral sources (if analytics are enabled)
• Contact information: If you contact us via email, we collect your email address and message content
• Server logs: Standard web server logs including IP addresses and access times

How We Use Information

Information collected from our website may be used to:

• Improve our website and services
• Respond to your inquiries and support requests
• Send product updates (only if you opt-in)
• Analyze website traffic and usage patterns

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service providers: We may use third-party services (e.g., hosting, analytics) that process data on our behalf
• Legal requirements: If required by law, regulation, or legal process
• Security: To protect the rights, property, or safety of Pantheon Security, our users, or others

Third-Party Services

Our website may use the following third-party services:

• Netlify: Website hosting and CDN services
• GitHub: Code repository hosting (governed by GitHub's privacy policy)
• PyPI: Package distribution (governed by PyPI's privacy policy)

Open Source and Transparency

MEDUSA is open source (MIT License). You can review the complete source code at github.com/Pantheon-Security/medusa to verify our privacy claims.

Your Rights

You have the right to:

• Request access to any personal information we hold about you
• Request correction or deletion of your personal information
• Opt-out of marketing communications
• Object to processing of your personal information

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the internet is 100% secure.

Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children.

International Users

MEDUSA is available globally. If you are accessing our services from outside the United States, please be aware that your information may be transferred to and processed in the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: privacy@pantheonsecurity.io
• Security concerns: security@pantheonsecurity.io
• GitHub: github.com/Pantheon-Security/medusa