From cd76a0d1ba9454f70fd096b27bfa523d2bd83116 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Fri, 11 Aug 2023 09:57:10 +0200 Subject: [PATCH] scout: clarify data handling for local analysis Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- scout/data-handling.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scout/data-handling.md b/scout/data-handling.md index 2d80894969..e3a15ee2ac 100644 --- a/scout/data-handling.md +++ b/scout/data-handling.md @@ -27,7 +27,7 @@ Docker and OCI image metadata: Software Bill of Materials (SBOM) metadata: -- Advisory prefix URL (PURL) +- Package URLs (PURL) - Package author and description - License IDs - Package name and namespace @@ -45,6 +45,10 @@ information on the SBOM. If there's a match, the results of the match are displayed in the user interfaces where Docker Scout data is surfaced, such as the Docker Scout Dashboard and in Docker Desktop. +For images analyzed locally on a developer's machine, Docker Scout only +transmits PURLs and layer digests. This data is not persistently stored on the +Docker Scout platform; it's only used to run the analysis. + ## Data storage For the purposes of providing the Docker Scout service, data is stored using:
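Review bot: In the SBOM metadata list (first hunk), the new item "Package URLs (PURL)" pairs a plural term with a singular abbreviation, while the paragraph added in the second hunk writes "PURLs". Suggest picking one form, either "Package URL (PURL)" or "Package URLs (PURLs)", so the term introduced in the list matches its later use. Since this is the place where the abbreviation is defined for the rest of the page, a link to the PURL specification would also help readers who need to judge what a package URL reveals about their image contents.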
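Review bot: In the paragraph added before "## Data storage" (second hunk), "not persistently stored" leaves the retention behavior undefined, and this is the statement a reader doing a privacy or compliance review will rely on. Suggest saying what happens to the data once the analysis completes (for example, that it is discarded), or giving a retention bound if one applies. The word order in "only transmits PURLs and layer digests" also limits the verb rather than the data; "transmits only PURLs and layer digests" states the restriction more precisely. Because the next section opens with "data is stored using:", consider adding a sentence there or here that makes clear whether the storage section covers locally analyzed images at all, so the two statements cannot be read as conflicting.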