Probe scans public app surfaces. It uses the submitted URL and public response data to produce scan results, reports, support context, abuse prevention, and product reliability improvements.
The simple rule: send Probe the public URL you want scanned, not private credentials.
What Probe may collect
Probe may store the submitted URL, scan time, public response metadata, HTTP status codes, response headers, reachable public routes or assets, finding records, and report access state.
Evidence may include public asset paths, missing header names, route names, redacted key-like snippets, response behavior, or other public-surface signals needed to explain a finding.
Reports can contain sensitive security context even when secrets are redacted. Treat report links as internal security documents.
What Probe does not need
Probe does not need your GitHub token, repository access, Supabase dashboard, Supabase service-role key, Stripe secret key, AI service key, hosting login, database export, customer list, or user password for a normal scan.
Probe uses an AI service to generate the narrative summary in your paid report. Before sending data to the AI service, findings are sanitized and URLs are stripped, raw evidence is omitted, and remediation prompts are not included. The AI service processes this data as standard API calls; Probe does not authorize it to be used for training.
Support requests
When contacting support, send the smallest safe context: checkout email if relevant, submitted URL, report link, scan time, finding name, and what you need help with.
Do not send passwords, API keys, private credentials, unredacted production logs, customer PII, or database exports. If a finding involves a secret, rotate it with your technical owner and refer to the finding by name.
Retention and deletion
Probe retains scan, report, checkout, and support records only as needed for product access, billing records, abuse prevention, security review, and support. You can request deletion by emailing support@runprobe.com with the checkout email and report link if you have them.
Some billing and security records may need to be retained where required for payment, abuse-prevention, legal, or operational reasons.