LEGAL
Privacy Policy
How Nandix collects, uses, and protects your data.
Last updated: June 2026
1. Who We Are
Nandix (nandiscan.com) is a security scanning hub operated by ShunyaX Labs (Udyam Registration UDYAM-MH-18-0546132), based in Mumbai, Maharashtra, India. This Privacy Policy explains what data Nandix collects, why we collect it, how long we keep it, and the rights you have over it.
2. Data We Collect
- GitHub profile — name, email address, and avatar, obtained via GitHub OAuth when you sign in to download or share a report.
- Scan target URLs — the endpoints and parameters you submit for scanning.
- Scan results and grades — the findings, scores, and reports produced by a scan.
- Consent timestamps — when you affirmed you are authorized to scan a target.
- IP addresses — recorded for rate limiting and abuse prevention.
- Download and share audit logs — the user, scan, action (download or share), and timestamp, recorded for accountability.
3. Why We Collect It
- To authenticate users via GitHub for report download and sharing.
- To attribute scan reports to the account that generated them.
- To enforce accountability for PDF downloads and shared report URLs.
- To prevent abuse, enforce rate limits, and keep the service reliable.
4. What We Do NOT Collect
- Passwords — authentication is delegated to GitHub OAuth; we never see your credentials.
- Payment data — Nandix is free to use and has no billing.
- Cookie values from scanned targets — cookie values are redacted at parse time and never stored.
- Raw response bodies from scanned targets — responses are analyzed in memory and are not retained beyond analysis.
5. Data Retention
Scan results are retained indefinitely unless you request their deletion, so that your report links and history remain available. Your GitHub profile data is retained while your account is active. Audit logs are retained for as long as the associated scan exists.
6. Data Sharing & Disclosure
We do not sell, rent, or share your personal data with third parties. Scan results published to a public report URL are visible to anyone who has the link — these are generated only when you, as a signed-in user, choose to share a report. We may disclose data where required by law or to protect the rights, safety, and integrity of the service.
7. Your Rights & Data Deletion
You may request access to, correction of, or complete deletion of your personal data and scan history at any time. To do so, email nandix@shunyax.com. We will action verified requests within a reasonable period.
8. Contact
Data and deletion requests: nandix@shunyax.com. General and business enquiries: business@shunyax.com.
This policy is provided for transparency. Consult legal counsel for binding interpretation.