Privacy Policy

Information We Collect

• GitHub profile (name, email, avatar) via OAuth — used only for authentication
• Workflow file contents from .github/workflows/ — used to run security scans
• Scan results and findings — stored to power your dashboard

What We Do NOT Collect

• Source code outside of workflow files
• Secrets, tokens, or environment variable values
• Repository contents beyond CI/CD configuration files

Third-Party Services

We use the following sub-processors:

• Neon — PostgreSQL database hosting
• Resend — Transactional email delivery
• Inngest — Background job processing
• Stripe — Subscription billing (for paid plans)
• Vercel — Application hosting

Data Retention

Findings and scan history are retained for as long as your account is active. You may delete all data at any time from the Settings page.

Contact

For privacy questions, use the contact form on our website.