Privacy Policy
We are so serious about privacy that we do not even want your data. This policy explains what little we do collect, why, and how.
Data controller: Activemind Solutions AB · Last updated: 2026-05-22
This website
securecodebydesign.com is a static website with no analytics, no tracking scripts, and no cookies. We do not embed third-party SDKs, advertising pixels, or behavioural monitoring of any kind.
Our hosting provider (Oderland) retains standard web server logs — IP address, timestamp, requested URL, HTTP status code, and user agent. These logs exist for operational and security purposes and are not used for profiling or marketing. They are retained according to Oderland's standard data retention policy.
Fonts are self-hosted on our server. No request is made to Google Fonts, Google's servers, or any other third party when loading this website.
Contact enquiries
When you contact us via email at info@activemind.se or security@activemind.se, the information you provide is used solely to respond to your enquiry. We do not add email addresses to mailing lists without explicit consent.
Email is processed by Activemind Solutions AB and stored on our mail servers in accordance with Swedish law and GDPR.
scd CLI — zero data collection
The scd command-line tool runs entirely on your machine. It does not send your source code, scan findings, file paths, repository names, or any other data anywhere. No network connection is made during a standard scan.
The only optional network activity is the AI deep analysis feature (scd scan --deep), which is opt-in and documented separately below.
scd-server — self-hosted, your infrastructure
scd-server is a self-hosted product that runs inside your own infrastructure. Activemind has no access to your scd-server installation, your scan results, your findings, your developer activity, or any other data stored by scd-server.
scd-server makes one outbound connection to Activemind infrastructure: a license heartbeat sent every 24 hours to api.securecodebydesign.com. This request contains:
- Your licence key and signature — used to verify that the licence is valid
- A machine fingerprint — used solely to verify that the licence is being used on the authorised installation, not for tracking or profiling of any kind
- The scd-server version number
- A timestamp
No code, no findings, no user data, and no repository information is included in this request. Every scd-server release ships with an integrity manifest that documents this connection in full.
AI deep analysis (opt-in)
When AI deep analysis is triggered with scd scan --deep, the CLI sends the request to scd-server, which in turn forwards the relevant data to the configured AI provider. Only the following is sent to the AI provider:
- The triggering code line
- Up to 8 lines of surrounding context
- The rule ID and finding category
Whole files, file paths, repository structure, and other findings are never transmitted. Every analysis result records code_left_environment: true/false in the audit output, giving you a verifiable, per-finding record.
The applicable privacy policy and data processing terms are those of the configured AI provider. When using a cloud-based AI provider, the data described above is processed according to that provider's terms. When using a local AI provider (coming soon), nothing leaves your network — analysis runs entirely within your own infrastructure.
Subscription and licence data
When purchasing a subscription or licence for scd-server, we collect and store the information necessary to manage the customer relationship: company name, contact name, email address, and billing information. This data is used for licence management, invoicing, and customer support.
The legal basis for this processing is performance of contract (GDPR Article 6(1)(b)). We retain this data for as long as the customer relationship is active and for as long as required by Swedish accounting legislation (seven years).
This data is not shared with third parties except where required to fulfil the contract (for example, payment processing), and is not used for any purpose other than managing the customer relationship and the associated licence.
Your rights
Under GDPR, you have the right to access, correct, and request deletion of any personal data we hold about you. Since we collect very little data, most requests will result in confirmation that we hold nothing beyond standard server logs.
To exercise your rights, contact us at info@activemind.se. We aim to respond within 30 days.
Data controller
Activemind Solutions AB
Sweden
info@activemind.se
Changes to this policy
If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We will not reduce your rights under this policy without clear notice.