Frequently asked questions

Concrete answers. No marketing copy.

What does LaunchGuard scan for?
LaunchGuard runs 12 targeted static checks across four categories: auth failures (unguarded routes, session handling bugs, JWT secret exposure), billing bugs (missing Stripe webhook idempotency, invalid price IDs, subscription logic gaps), AI cost leaks (OpenAI SDK in client components, missing token caps, absent per-user rate limits), and reliability risks (cron jobs without distributed locks, fetch() calls without timeouts, retry amplification). Mode B adds controlled runtime validation of signup, login, checkout, and route protection flows. LaunchGuard does not replace a full security audit or SAST tool.

Does LaunchGuard execute my code?
Mode A does not. It performs static analysis only — reading your source files using an AST parser and pattern-matching rules. It never installs dependencies, runs your build pipeline, or executes any code from your repository. Mode B exercises specific user flows (signup, checkout, route protection) in a controlled sandboxed environment. It does not touch your production database, billing account, or live users.

How does GitHub access work?
LaunchGuard requests read-only OAuth access to your GitHub repositories. It uses this token to fetch the contents of repos you explicitly pin for scanning. LaunchGuard does not request write access, does not access repositories you haven't authorized, and does not store your source code after the scan completes. Tokens are encrypted at rest using AES-256-GCM.

How does billing work?
LaunchGuard uses Stripe for all payment processing. Your card details never touch LaunchGuard servers — they are handled entirely by Stripe's checkout. The free plan gives you 1 scan per month at no cost. The Pro plan (€49/month) gives you 20 static audits and 3 runtime validations per month, plus multiple pinned repositories. You can upgrade, downgrade, or cancel at any time from the billing portal.

Can I cancel anytime?
Yes. No contracts, no cancellation fees. If you cancel your Pro subscription, your plan remains active until the end of the current billing period, then reverts to the free tier (1 scan/month). Cancellation takes effect at period end — you keep access until then.

What happens to my scan reports?
Scan reports are stored privately in your account and are only accessible to you via authenticated, time-limited download links. Reports are not publicly indexed or shared. If you delete your account, your reports are permanently deleted. HTML and JSON report formats are available for all completed scans.

Is my code stored on your servers?
LaunchGuard clones your repository into a temporary directory for the duration of the scan only. Once the scan completes, the cloned files are deleted immediately. Only the scan results (findings, verdicts, metadata) are persisted — never your source code. Mode B operates in an ephemeral sandbox that is torn down after each validation run.