Privacy Policy

Last updated: August 19, 2025

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • GitHub username and profile information
  • Email address associated with your GitHub account
  • Avatar/profile picture from GitHub

1.2 Repository Data

To provide our services, we access and analyze:

  • Repository metadata (name, description, creation date)
  • Dependency files (package.json, composer.json, requirements.txt, etc.)
  • Repository activity and statistics
  • Security vulnerability information

1.3 Usage Data

We collect information about how you use RepoSentinel:

  • Log data (IP address, browser type, pages visited)
  • Analytics and performance metrics
  • Feature usage and preferences
  • Error reports and debugging information

3. Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

  • Contract performance: To provide our services
  • Legitimate interests: Security monitoring, service improvement
  • Consent: Marketing communications, optional analytics
  • Legal obligation: Compliance with applicable laws

4. Data Retention

We retain your data for the following periods:

  • Account data: While your account is active plus 30 days
  • Repository analysis: 12 months after last analysis
  • Billing records: 7 years (legal requirement)
  • Support communications: 3 years
  • Logs and analytics: 13 months maximum

5. How We Use Your Information

We use your information to:

  • Provide our services: Analyze repositories, detect vulnerabilities, and generate health scores
  • Communicate with you: Send notifications about security issues and service updates
  • Improve our service: Analyze usage patterns and optimize performance
  • Ensure security: Protect against unauthorized access and abuse
  • Billing: Process payments and manage subscriptions

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share information in these limited circumstances:

3.1 Service Providers

We work with trusted third-party services:

  • GitHub: To access repository data (with your permission)
  • Stripe: For payment processing
  • Cloud providers: For hosting and infrastructure
  • Analytics services: For usage analytics (anonymized data only)

3.2 Legal Requirements

We may disclose information if required by law or to:

  • Comply with legal processes
  • Protect our rights and property
  • Ensure user safety
  • Investigate potential violations

7. Data Security

We implement industry-standard security measures:

  • Encryption in transit and at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Monitoring and threat detection

5. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide services
  • Required by law
  • Necessary for legitimate business purposes

When you delete your account, we remove personal information within 30 days, except where retention is required by law.

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Object: Opt-out of certain data processing

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functions: Authentication and security
  • Analytics: Understanding usage patterns (with consent)
  • Preferences: Remembering your settings
  • Performance: Optimizing load times

You can control cookie preferences through our cookie banner or browser settings.

10. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses
  • Adequacy decisions
  • Other legal transfer mechanisms

11. Children's Privacy

RepoSentinel is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via:

  • Email notification
  • In-app notifications
  • Website banners

13. Contact Us

For questions about this privacy policy or to exercise your rights:

  • Data Protection Officer: privacy@reposentinel.com
  • General Support: support@reposentinel.com
  • Legal Inquiries: legal@reposentinel.com
  • Address: Jean-Marc Strauven, Kwinkeleer 25, 1760 Roosdaal, Belgium

13.1 Supervisory Authorities

EU residents can contact their local data protection authority:

  • Belgium: Commission de la protection de la vie privée
  • Other EU countries: See EDPB member list

Global Compliance: This privacy policy complies with GDPR (EU), CCPA (California), PIPEDA (Canada), LGPD (Brazil), and other applicable international data protection laws.

We use cookies to enhance your experience

RepoSentinel uses cookies to provide essential functionality and improve your experience.