OpenACA

Privacy Policy

Last updated: June 13, 2026

This policy describes how OpenACA handles information for the public website, the open-source scanner, the Claude Code plugin, and optional OpenACA Cloud sync.

Website

When you visit openaca.dev, our hosting and infrastructure providers may process standard request metadata such as IP address, user agent, requested URL, and timestamps to serve the site, protect it from abuse, and debug reliability issues.

If you contact us by email or request access to OpenACA Cloud, we use the information you provide to respond, support the request, and operate the service.

Open-Source Scanner and Claude Code Plugin

The OpenACA Claude Code plugin runs OpenACA commands from Claude Code. By default, scanner and BOM commands run locally and do not upload scan results to OpenACA.

When you run scan or BOM commands, OpenACA may read local agent configuration and manifest files, including Claude Code settings, MCP configuration, plugin manifests, skills, hooks, commands, package manifests, and lockfiles. Command output may appear in your Claude Code session; Anthropic's handling of Claude Code sessions is governed by Anthropic's own policies.

To match known advisories, OpenACA may query public advisory services such as OSV.dev using package names, versions, source repositories, or other match coordinates required for vulnerability lookup.

OpenACA Cloud Sync

OpenACA Cloud sync is optional. If you configure Cloud and explicitly run a sync command or deployment script, OpenACA uploads an Agent BOM, findings, and related metadata to OpenACA Cloud for your organization.

Uploaded data may include component identities, package or source coordinates, advisory and posture findings, asset metadata, timestamps, and redacted evidence needed to show what was found and where it came from.

How We Use Information

We use information to provide, secure, improve, and support OpenACA.

We do not sell personal information. We may share information with service providers that help operate OpenACA, when required by law, or to protect OpenACA and its users.

Retention and Requests

We retain information for as long as needed to provide the service, satisfy legal obligations, resolve disputes, and maintain security. To request access, correction, deletion, or other privacy help, contact us.

Contact

Questions about this policy can be sent to [email protected].