Privacy Policy
Last updated: December 1, 2024
1. Introduction
Repotoire ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our graph-powered code intelligence platform.
2. Data We Collect
Account Information
- Email address and name (via Clerk authentication)
- Organization membership and roles
- Profile preferences and settings
- Authentication tokens (securely encrypted)
Repository Data
- Repository metadata (name, URL, branch information)
- Code structure (AST representation, not raw source code)
- Analysis results and health scores
- Detected issues and suggested fixes
Usage Data
- Pages visited and features used (with consent)
- Analysis run history and timestamps
- API usage patterns for billing purposes
3. How We Use Your Data
- To provide and maintain our code analysis service
- To authenticate and authorize access to your repositories
- To generate code health reports and insights
- To process payments and manage subscriptions
- To communicate important updates about your account
- To improve our service (aggregated, anonymized data only)
4. Third-Party Services
We use the following third-party services to operate Repotoire:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, profile |
| Stripe | Payment processing | Billing information |
| GitHub | Repository access | Repository metadata |
| Vercel | Hosting | IP address, usage logs |
| PostHog | Analytics (with consent) | Usage events, anonymized |
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the following rights:
- Right to Access - Export all your data from Settings → Privacy
- Right to Erasure - Delete your account with a 30-day grace period
- Right to Rectification - Update your profile information anytime
- Right to Data Portability - Download your data in JSON format
- Right to Object - Opt out of analytics tracking
- Right to Restrict Processing - Contact us to limit data use
To exercise any of these rights, visit your Privacy Settings or contact us at privacy@repotoire.io.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| User profile | While account active + 30 days |
| Analysis results | 1 year |
| Repository metadata | While connected + 30 days |
| Audit logs | 2 years (anonymized) |
| Billing records | 7 years (legal requirement) |
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Secure authentication via Clerk with MFA support
- Regular security audits and penetration testing
- Access controls and audit logging
- Encrypted backups with geographic redundancy
8. Cookies and Tracking
We use cookies and similar technologies for essential functionality and, with your consent, for analytics. You can manage your preferences using the cookie banner or in your browser settings.
Cookie Types
- Essential - Required for authentication and security
- Analytics - Help us understand how you use our service (opt-in)
- Marketing - Personalized content (opt-in)
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure adequate data protection through Standard Contractual Clauses and other approved mechanisms.
10. Children's Privacy
Repotoire is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our website.
12. Contact Us
For privacy-related inquiries or to exercise your data rights, contact us at:
- Email: privacy@repotoire.io
- Data Protection Officer: dpo@repotoire.io