Privacy Policy

Last updated: March 19, 2026

Greywall (the CLI tool)

Greywall runs entirely on your machine. It does not phone home, collect telemetry, or transmit any data. No analytics, no crash reports, no usage tracking. The source code is open and auditable at github.com/GreyhavenHQ/greywall.

This website (greywall.io)

The Greywall landing page is a static site hosted on Vercel. We do not use cookies, analytics scripts, or tracking pixels. Vercel may collect minimal server logs (IP address, user agent, timestamp) as part of standard web hosting. See Vercel's privacy policy for details.

Greyscan

When you use Greyscan at /greyscan, the following happens:

Your browser fetches the public file tree, dependency list, and README from GitHub's API directly. This data never passes through our servers during collection.
To generate the threat report, a summary of the repo structure (file names, detected stack, dependency names, and up to 8,000 characters of the README) is sent to our server and forwarded to a third-party LLM provider for analysis.
Results are cached in server memory for up to 24 hours to avoid redundant LLM calls for the same repository, then discarded. We do not persist scan results to disk or a database.
No repository source code is read or transmitted. Only file paths, dependency names, and the public README are included.

Third-party services

GitHub API — Greyscan calls the GitHub REST API from your browser to fetch public repository metadata. Subject to GitHub's privacy statement.
LLM provider — Repo summaries sent through Greyscan are processed by a third-party LLM to generate threat reports. The provider may retain data per their own policies.
Vercel — Hosting infrastructure. See Vercel's privacy policy.

Security

If you discover a security issue in Greywall or this website, please report it via GitHub Security Advisories. We will respond promptly.

Contact

For questions about this policy, reach us at greyhaven.co/contact.

← Back to Greywall