Trust & Security

• The full content of every file you scan.
• Credentials, browser data, OS information, hardware identifiers.
• Anything outside the folders you explicitly choose to scan.

• File paths relative to the folders you chose.
• File size, MIME type, modification timestamp.
• SHA-256 hash (used for duplicate detection — not reversible).
• Aggregated, anonymous token statistics used to improve the classifier.

• Each desktop agent uses a unique token (librian_…). The server stores only its SHA-256 hash.
• You can revoke a token at any time from the dashboard; the token stops working immediately.
• Every database row is scoped to your auth.uid() via PostgreSQL Row-Level Security.
• Email/password and Google sign-in. Server-side session tokens with PKCE on every email link.

LibrIAn follows the Brazilian General Data Protection Law (Lei nº 13.709/2018):

• Data is kept for 90 days after your last activity; each use renews the clock. You get a heads-up email 7 days before automatic deletion.
• You can request deletion at any time from Account → Privacy; completion happens within 30 days.
• Data used to improve the service is anonymised (aggregated hashes and counts) and encrypted at rest.
• If a breach is ever detected, every affected user receives an email notification at their registered address (Art. 48).
• Full rights and how to exercise them are documented in our Privacy Policy.

Security disclosures, privacy requests, and Data Protection Officer (DPO) inquiries:

mmcsantannainfo@gmail.com