Privacy Policy

Last Updated: October 2, 2025

Your Privacy Matters: GitOpticon is committed to protecting your personal information and being transparent about our data practices.

1. Information We Collect

1.1 Account Information

When you register for GitOpticon, we collect:

  • Name and email address
  • Password (stored securely using industry-standard hashing)
  • Organization details (if you create or join an organization)
  • Profile information you choose to provide

1.2 GitHub Integration Data

When you connect GitOpticon to GitHub, we access:

  • Repository metadata (name, description, visibility, language)
  • Commit history and contributor information
  • Branch and pull request data
  • Webhook events (pushes, pull requests, issues)
  • Organization and team membership (if authorized)
  • Code content for AI analysis (only when explicitly enabled)

1.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (operating system, device type)
  • Analytics data (feature usage, session duration)
  • Performance metrics (page load times, error rates)

2. How We Use Your Information

GitOpticon uses collected information to:

  • Provide the Service: Analyze repositories, generate insights, and enforce governance rules
  • Improve Features: Understand usage patterns and develop new capabilities
  • Communicate: Send service updates, security alerts, and important notifications
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations and enforce our Terms of Service

3. AI and Machine Learning

GitOpticon uses AI to provide code analysis and governance recommendations:

  • Code Analysis: AI models analyze code structure, patterns, and quality
  • Risk Scoring: Automated assessment of security and compliance risks
  • Training Data: We may use anonymized, aggregated data to improve AI models
  • Your Control: You can disable AI features or opt-out of data usage for model training
  • Third-Party AI: We may use services like OpenAI or Anthropic for AI capabilities

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

GitOpticon does not sell, rent, or trade your personal information or repository data to third parties.

4.2 We May Share Data With:

  • Service Providers: Third-party services that help us operate (hosting, analytics, AI APIs)
  • Organization Members: Data is shared within your organization according to role permissions
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: Any other disclosure made with your explicit permission

5. Data Storage and Security

5.1 Security Measures

We implement industry-standard security practices:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt/Argon2)
  • Regular security audits and vulnerability scanning
  • Access controls and role-based permissions
  • Secure GitHub token storage and rotation

5.2 Data Retention

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Repository Data: Cached for performance; deleted when disconnected
  • Analytics Data: Aggregated data may be retained indefinitely
  • Logs: Server logs retained for 90 days for security and debugging

6. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct your account information at any time
  • Deletion: Request deletion of your account and associated data
  • Export: Download your repository analytics and reports
  • Opt-Out: Disable AI features or analytics tracking
  • Revoke Access: Disconnect GitHub integration at any time

7. Cookies and Tracking

GitOpticon uses cookies and similar technologies:

  • Essential Cookies: Required for authentication and security (CSRF tokens, session management)
  • Analytics Cookies: Help us understand how you use the Service (can be disabled)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but some features may not function properly if disabled.

8. Third-Party Services

GitOpticon integrates with third-party services that have their own privacy policies:

  • GitHub: GitHub Privacy Statement
  • AI Providers: OpenAI, Anthropic (when AI features are enabled)
  • Hosting: Cloud infrastructure providers for data storage

9. International Data Transfers

GitOpticon operates globally. Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

GitOpticon is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we don't sell data)
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

12. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), we comply with GDPR:

  • Legal Basis: We process data based on consent, contract, or legitimate interest
  • Data Controller: GitOpticon is the data controller for your information
  • Data Protection Officer: Contact privacy@gitopticon.com
  • Right to Lodge Complaint: You may file a complaint with your local data protection authority

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Back to Home Terms of Service