Privacy Policy

Secra is an AI prompt security service operated by Inceptrade. This Privacy Policy explains how we collect, use, and protect information when you use Secra at sec-ra.com.

Questions? Contact us at support@sec-ra.com.

Account information: When you sign up, we collect your email address and any profile information provided via Google OAuth or email/password registration.

Prompt data: When you use the scan or sanitise API, we process the prompt text you submit. We retain scan results (verdict, threat scores, token count, timestamp) linked to your account for dashboard display and billing.

Usage and billing data: We collect token usage counts, subscription plan, billing history, and API key metadata (name, prefix, last used). We do not store full credit card numbers — payments are processed by Paystack.

Technical data: We may collect IP addresses, browser type, and request metadata for security, abuse prevention, and service reliability purposes.

• To provide and operate the Secra service
• To process payments and manage your subscription via Paystack
• To display scan history, token usage, and billing information in your dashboard
• To detect and prevent abuse, fraud, and unauthorised access
• To send transactional emails (account confirmations, billing receipts, service notices)
• To improve the reliability and performance of the service

We do not use your prompt content to train AI models. We do not sell your data to third parties.

We retain your account information for as long as your account is active. Scan results are retained for up to 90 days to power your scan history dashboard. You may request earlier deletion by contacting support@sec-ra.com.

When you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes.

We use the following third-party services to operate Secra:

• Supabase — authentication and database
• Railway — backend infrastructure hosting
• Vercel — frontend hosting and edge delivery
• Paystack — payment processing (your card data is handled entirely by Paystack and subject to their privacy policy)

Each of these providers has their own privacy policy and data handling practices. We select providers who meet appropriate data protection standards.

We use essential cookies to maintain your authentication session. We do not use advertising cookies or third-party tracking cookies.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your scan history data

To exercise any of these rights, email support@sec-ra.com. We will respond within 30 days.

We implement industry-standard security measures including HTTPS/TLS encryption in transit, hashed credentials, and access controls. API keys are stored as hashed prefixes — we never store or display the full key after creation.

Despite these measures, no system is completely secure. If you believe your account has been compromised, revoke your API keys immediately from the API Keys page and contact us.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 7 days in advance. Continued use of the service after changes take effect constitutes acceptance.

For any privacy-related questions or requests:

Inceptrade
Email: support@sec-ra.com
Website: sec-ra.com