PyVMProtect - Privacy Policy

1. What we receive

When you use PyVMProtect you submit two kinds of data:

Account data. Email address, hashed password, and billing metadata if applicable.
Source material. The Python files you upload for protection, plus any build configuration you set in the Forge.

2. How we store your source code

Your source code is treated as ephemeral build input, not as stored content.

Uploads travel over TLS and are written to an isolated job directory on our build servers.
Each build runs in a per-job workspace. Workspaces are not shared across users or jobs.
Once the build finishes and the resulting .pyd is downloaded, the source files and build artefacts are deleted from disk.
If a build fails or is abandoned, the workspace is purged automatically within 24 hours.

Retention summary. Source code lives on our systems only for the duration of the build and long enough for you to download the protected output. It is not archived, not backed up to long-term storage, and not used to train any model.

3. Access

Access to the build infrastructure is restricted to operators of PyVMProtect Systems acting under confidentiality obligations. We do not inspect customer source code as a matter of practice, and we do not share it with third parties.

4. Malware and abuse

PyVMProtect is not a tool for malware authors. When automated or manual review identifies content that is plausibly malicious, abusive, or illegal, we reserve the right to:

Refuse the build and terminate the associated account.
Retain a copy of the submitted material for the period required to cooperate with law enforcement or platform-abuse requests.

This is the only scenario in which uploaded source code is kept beyond the normal build lifecycle.

5. Account data and cookies

We store the minimum required to run your account: email, password hash, build history metadata (timestamps, file sizes, target Python version), and payment-processor IDs for paid plans. We do not sell this data. We use first-party cookies only for session management.

6. Your rights (GDPR and similar)

If you are in the EU, UK, or another jurisdiction with equivalent rules, you have the right to access, correct, export, or delete your account data. Write to privacy@pyvmprotect.com and we will respond within 30 days.

Account deletion removes your login and build history. Source code uploaded during your use of the service has already been deleted as described in section 2, so no separate deletion step is required for it.

7. Self-hosted option

For organisations that cannot send source code to a third party, we offer a self-hosted build of the compiler. In that configuration your code never leaves your own infrastructure : no uploads, no build servers, no data sharing. Contact sales to discuss this option.

8. Changes to this policy

If we change how we handle data, we will update this page and record the change date at the top. Material changes will be announced in-product before they take effect.

9. Contact

Privacy questions: privacy@pyvmprotect.com
Operator: PyVMProtect Systems.