# Privacy Policy for Sajjetti - AI Audit

This plugin respects your privacy and complies with WordPress.org privacy guidelines.  
It processes only the minimum data required to provide code audit functionality.

## What Data Is Processed

When you trigger a scan with remote analysis enabled, the following data may be transmitted to the Sajjetti API:

- **Source code files**: Selected PHP, HTML, CSS, and JS files (Base64-encoded for secure transmission)
- **Site identification**: Your website's IP address and URL (required for API license validation)  
- **API credentials**: Your Sajjetti API username (for account identification - not your WordPress username)
- **File metadata**: Filename, file type, file size, and internal scan coordination identifiers

**No WordPress user data is transmitted.** The plugin does not access or send WordPress usernames, passwords, email addresses, or any other personal information from your WordPress site.

## How Data Is Used

- **Code analysis**: Files are analyzed statically (never executed) to identify security, performance, and code quality issues
- **License validation**: Your site's IP address and URL are checked against your Sajjetti API license to ensure authorized usage
- **Result delivery**: Scan coordination data ensures analysis results are returned to the correct scan request

## Data Retention

- **Real-time processing only**: All transmitted data is used exclusively for immediate analysis
- **Automatic deletion**: Once results are returned to your site, all temporary data is deleted from Sajjetti servers
- **No storage**: No files, scan results, or site information is retained beyond the analysis process

## Use of Third-Party Services

- Code analysis requests are securely transmitted over HTTPS to the **Sajjetti API**, operated by Sajjetti
- The API processes only the data listed above and returns structured analysis results
- Transmitted data is not used for marketing, profiling, training AI models, or any purpose beyond providing the requested code analysis

## Your Control

- **User-initiated only**: All scans are manually triggered by you - nothing runs automatically
- **Opt-in remote analysis**: Code is only sent when you explicitly enable "Allow remote analysis" in plugin settings
- **Local scanning**: When remote analysis is disabled, all processing occurs locally and no data is transmitted

## Your Rights

This plugin does not collect or store personal information from WordPress users.  
For information about your rights regarding data transmitted to the Sajjetti API, please see our complete privacy policy: [https://sajjetti.ai/privacy-policy/](https://sajjetti.ai/privacy-policy/)

---

*Effective as of 2025-01-01*