Frequently Asked Questions

No. Your source code is never used for training, fine-tuning, or improving any AI model. Every provider we work with operates under contracts that explicitly prohibit this.

All customer data at rest is stored in the European Union. We do not replicate or transfer your data outside the EU for storage purposes.

Scan reports are available for the duration of your subscription. Uploaded source code is deleted after the scan completes. When you leave the platform, all associated data is permanently purged.

Only with the infrastructure providers listed on our Subprocessors page, and only as necessary to run your scan. We never sell, license, or otherwise disclose customer data to any other party.

Yes. You can request access to, correction of, or deletion of your data at any time under GDPR. We have documented response procedures and timelines.

Zero Data Retention means that AI providers do not store your prompts or outputs beyond the time needed to process them. We enforce ZDR on every provider where it is available, and are actively pursuing it on the remainder.

Every scan runs in a fully isolated environment that is destroyed when the scan completes. Your code is never co‑located with another customer's data, and the scan environment has no access to any other part of our platform.

Yes. All data is encrypted both at rest and in transit. We enforce modern encryption standards across every layer of the platform.

Yes. Vexera is a Danish company subject to EU law. We maintain a Data Processing Agreement, Data Subject Access Request procedures, and a full record of processing activities.

Yes. We have a standard DPA ready for signature that covers GDPR Article 28 requirements. Contact us and we can have it signed the same day.

Our Subprocessors page lists every third‑party vendor, their purpose, data region, and certifications. We notify customers before adding any new subprocessor.