Core Security Properties
AllScanTool never stores, logs, or retains submitted code. Every scan runs in volatile memory and is discarded immediately upon completion. No code content is written to disk at any point.
Storage
Zero — no code is written to disk or database at any time
Execution
None — submitted code is never executed, only pattern-matched
Retention
Zero seconds — scan data is discarded immediately after response
Logging
No code content is logged — only operational metrics
PII handling
No user identity required — anonymous by default
Data Flow
Step 1 — Input
User pastes code into browser textarea
Step 2 — Transit
Code sent via HTTPS POST to api.allscantool.com (TLS encrypted)
Step 3 — Processing
Cloudflare Worker pattern-matches code in volatile memory only
Step 4 — Response
Findings returned as JSON — severity, label, plain-English explanation, fix
Step 5 — Disposal
All scan data discarded — nothing retained after response
Infrastructure
Provider
Cloudflare — global edge network (200+ locations)
Multi-region
Yes — Cloudflare Workers deploy globally by default
Transit encryption
TLS — all communication encrypted in transit
Scanner endpoint
https://api.allscantool.com (Worker v4.0.1)
UI endpoint
https://app.allscantool.com (Cloudflare Pages — deployment in progress)