Trust and security
A security vendor should be the easiest vendor to audit
You are considering giving our software access to your most sensitive asset: your code. Here is exactly how we handle that responsibility.
No telemetry, ever
Our products do not phone home. No usage analytics, no crash reporting to us, no license checks over the network. What happens in your network stays there.
Offline by architecture
Every engine runs without internet access. Vulnerability data arrives as a cryptographically signed offline bundle that you verify and import on your own schedule.
Signed, verifiable output
Scan outputs and manifests can be signed and independently verified, so a report can be trusted long after the scan that produced it.
Reproducible behavior
Deterministic engines mean your security team can reproduce any finding from any report. No black-box verdicts.
Minimal website data
This website collects only what you type into our forms. No advertising trackers, no third-party analytics scripts, no cookie banners hiding a data trade.
Vetted dependencies
Our products ship with permissively licensed, attributed third-party components, documented in the notices file distributed with each release.
Questions about our security posture, or need documentation for a vendor assessment? Write to contact@secunexa.com and we will get you what you need.