Privacy Policy

When you sign in with GitHub or Google OAuth, we receive and store your email address, display name, and OAuth access token. The access token is used exclusively during your active session to query the GitHub API on your behalf; we do not persist it to our database after the session ends.

As you use GitScope we also collect:

• Repository search queries and the GitHub repository IDs you view or track.
• Usage data such as page visits, feature interactions, and dashboard configurations — collected in aggregate to improve the product.
• Session identifiers stored in a secure, HTTP-only cookie for authentication purposes.
• Billing information (name, payment method type, last-four digits) processed and stored by Stripe — we never see or store raw card numbers.

We do notstore your source code, file contents, or any private repository data beyond the metadata (commit counts, contributor lists, language breakdowns) returned by GitHub's REST and GraphQL APIs.

The data we collect is used for the following purposes, and no others:

• Authenticating your account and maintaining a secure session.
• Fetching and displaying GitHub repository analytics on your dashboard.
• Generating AI-powered summaries and risk predictions using the Anthropic Claude API — only repository metadata, never source code, is sent to Anthropic.
• Sending transactional emails (account confirmation, billing receipts, password reset) — we do not send marketing email without explicit opt-in.
• Detecting abuse and enforcing our Terms of Service.
• Improving GitScope through aggregated, anonymised product analytics.

Your account data and repository metadata are stored in a Neon PostgreSQL database hosted in the United States (AWS us-east-1). Neon encrypts data at rest using AES-256 and in transit using TLS 1.3. Database credentials are rotated regularly and never exposed in client-side code. Backups are taken daily and retained for 30 days, encrypted with the same standards as primary storage.

We share data with the following third-party services, and only to the extent necessary to operate GitScope:

We do not sell your data to third parties, and we do not use your data for advertising.

We retain your account data and associated repository search history for as long as your account is active. If you delete your account, all personally identifiable data — including your email, OAuth tokens, tracked repository list, and search history — is permanently deleted within 30 days. Anonymised, aggregated analytics (e.g., total daily active users) are retained indefinitely as they cannot be linked back to you.

Stripe retains billing records for the period required by applicable tax and financial regulations (typically 7 years), independent of account deletion.

Depending on your jurisdiction, you may have the right to access, correct, delete, or export personal data we hold about you. Specifically:

• Access: request a copy of the personal data associated with your account.
• Correction: update your display name or email address in Account Settings.
• Deletion: delete your account from Account Settings → Danger Zone. This initiates permanent data removal within 30 days.
• Export: request a JSON export of your account data and search history by emailing privacy@gitscope.dev.
• Objection: opt out of aggregated product analytics by emailing privacy@gitscope.dev.

We will respond to verified requests within 30 days. If you are in the EU or UK you also have the right to lodge a complaint with your local supervisory authority.

GitScope uses a single secure, HTTP-only session cookie to keep you logged in. This cookie contains only a session identifier — no personal data. It expires when you sign out, or after 30 days of inactivity.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking.

For privacy questions, data requests, or concerns, email us at privacy@gitscope.dev. We aim to respond within 5 business days.