Two products, one simple model: the Privacy Code Scanner and the Dataflow Context Engine are free to start, with Enterprise tiers for continuous, org-wide coverage.
Catch sensitive data leaks and risky data flows directly in source code, then scale to continuous coverage, automated privacy reporting, and an org-wide RoPA workflow.
A point-in-time privacy code scanner developers run locally to understand risky data flows before they ship. Get a GDPR sensitive datamap with data flow visualizations, traces, and code-level evidence directly from your source code. The scanner also detects Shadow AI usage and third-party integrations embedded in your codebase, with results generated as a local Markdown report. View a sample report.
Built for privacy and engineering teams that need continuous coverage across their entire codebases, with org-wide visibility into data flows, data elements processed, and subprocessors across every application.
Give your AI agents a continuously updated graph of APIs and cross-service relationships, from a free local scanner to centralized, org-wide context.
Run it on your machine and plug it into any AI agent.
Centralized context for the entire organization, continuously updated across all code repos and cross-service relationships.
The Free tier supports Python, JavaScript, and TypeScript. The Enterprise tier adds C#, Go, Java, SQL, GraphQL, and OpenAPI. The Features table in our GitHub README always reflects the current list.
Enterprise pricing counts the developers who contribute to the code repositories being scanned. Developers who do not contribute to those repositories are not counted.
No. Scans run in your environment, and your code never leaves it. On the Enterprise tier, only scan findings and data flow insights are aggregated in the cloud platform, and an on-premises deployment is available if everything needs to stay inside your network.
Under the hood, the scanning engine is built in Rust, fully rule-based, and deterministic. The rule specification is expressive enough to model real-world code at compiler-level accuracy, while AI is used selectively to scale coverage across thousands of code patterns. This gives you the depth of LLM-based analysis without the cost, latency, or unpredictability. Code never leaves your environment, scans complete in seconds even across codebases with millions of lines, and the lightweight footprint means privacy scanning fits into CI pipelines without slowing anyone down.
LLMs can discover issues that traditional SAST tools miss, but they are slow, expensive, and non-deterministic. SAST tools are faster, cheaper, and predictable, but require high-effort rule maintenance and suffer from high false positive rates. HoundDog.ai combines the strengths of both approaches: a fully rule-based, deterministic engine, with AI used selectively to scale coverage without sacrificing performance, reliability, or trust.
Secrets scanning tools look for credentials hardcoded directly in code, such as API keys, passwords, or tokens. HoundDog.ai focuses on how sensitive data actually flows through code, tracking values across assignment statements and transformations to catch leaks into logs, files, third-party SDKs, and AI integrations.
DIY SAST tools like Semgrep and CodeQL are powerful and highly customizable, but their rules require significant upfront investment to learn and maintain. HoundDog.ai is a turnkey solution with broad, high-quality coverage of data elements and sinks out of the box. It is designed specifically for dataflow analysis, scales efficiently to large codebases, and detects complex data flows that general-purpose tools miss.
No. The scanner is free to use and distributed through GitHub, but it is not open source software. License details are available in our Terms of Service.
The Dataflow Context Engine gives AI coding agents continuously updated API and dataflow context across your repositories. The local scanner is free: run it on your machine and plug it into any MCP-compatible AI agent, with gRPC supported first and GraphQL and REST coming soon. The Enterprise tier integrates directly with GitHub, Bitbucket, and GitLab, auto-scans selected repos with no local checkout, runs in CI and on every pull request, and keeps API graphs continuously updated org-wide. Contact us for Enterprise pricing.
Any MCP-compatible AI agent can consume the context it produces. The engine is available as MCP Servers and Skills, exposing continuously updated API graphs that plug directly into your agent of choice.
Visit our Trust Center to view our latest SOC 2 report, penetration testing results, and SBOM details.
Run a privacy scan in seconds, plug API context into your AI agents, and talk to us when you are ready for org-wide coverage.