RepoScanBack to Home

Privacy Policy

Last updated: January 2025

RepoScan ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated security scanning service.

1. Information We Collect

1.1 Account Information

When you sign in using GitHub OAuth, we collect:

  • Your GitHub username and email address
  • Your GitHub profile picture (if available)
  • OAuth tokens necessary to authenticate your requests

1.2 Repository Data

When you initiate a security scan, we temporarily access:

  • Repository URLs you provide for scanning
  • Repository source code (temporarily cloned during scan execution)
  • Commit hashes and branch information
  • Dependency manifests (package.json, go.mod, Cargo.toml, etc.)
  • Configuration files (Dockerfiles, Terraform files, etc.)

1.3 Scan Results

We store scan results including:

  • Security findings and vulnerabilities detected
  • Severity classifications and remediation suggestions
  • Code snippets relevant to identified issues
  • Scan metadata (timestamps, progress, status)

1.4 Usage Information

We automatically collect:

  • Browser type and version
  • IP address
  • Pages visited and features used
  • Time and date of visits

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain our security scanning service
  • Authenticate your identity and manage your account
  • Execute security scans on repositories you specify
  • Generate and store security reports for your review
  • Improve our scanning algorithms and service quality
  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Detect and prevent fraudulent or unauthorized use

3. Data Retention

3.1 Repository Source Code

Repository source code is cloned temporarily during scan execution and is automatically deleted immediately after the scan completes. We do not retain copies of your source code beyond the scanning process.

3.2 Scan Results

Scan results and findings are retained for as long as your account is active or as needed to provide you with our services. You may request deletion of specific scans at any time through the dashboard.

3.3 Account Data

Account information is retained until you delete your account or request removal of your data.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Service Providers: With third-party vendors who assist in operating our service (e.g., cloud hosting providers), subject to confidentiality obligations.
  • Legal Requirements: When required by law or to respond to legal process, protect our rights, or ensure user safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure deletion of temporary files after processing

6. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your scan results
  • Revoke OAuth access through GitHub settings

7. Third-Party Services

Our service integrates with third-party tools and services:

  • GitHub: For authentication and repository access. GitHub's privacy policy applies to data collected by GitHub.
  • Security Scanners: We use industry-standard security scanning tools (Semgrep, Trivy, etc.) that process repository data locally within our infrastructure.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in compliance with applicable laws.

9. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@securitykit.io