Privacy Policy

1. The short version

2. What we collect

• GitHub identity: your GitHub account id and username, via GitHub sign-in; your email address if you grant access to it.
• Session: one HttpOnly cookie (td_session) so you stay signed in. No tracking cookies, no analytics scripts.
• Run metadata: repository name, run status, projected savings figures, credits charged, the Pull Request URL, and a summary of findings — what you see in your run history.
• Billing: your credit balance and ledger. Payments are processed by Stripe; we never see or store your card details.

3. What we do NOT collect

Your source code. It is fetched for the duration of an analysis run, processed in an isolated environment, and discarded when the run completes. The diffs we propose live in Pull Requests on your GitHub repository, not on our servers.

4. Processors we rely on

• GitHub — sign-in and repository access (via the GitHub App you install, with the permissions you grant).
• Fly.io — application hosting (Paris, EU).
• Neon — database for account and run metadata (Frankfurt, EU).
• Stripe — payments.
• Anthropic — the model that powers the analysis. Relevant code excerpts are sent during a run solely to perform the analysis; under Anthropic's commercial API terms, this data is not used for training.

5. Where your data lives

Account and run metadata are stored in the EU (Frankfurt). The application runs in the EU (Paris).

6. Retention and deletion

Account and run metadata are kept while your account exists. To delete your account and its data, uninstall the GitHub App and email elmokaddamelias@gmail.com — we delete within 30 days. You can also revoke the app's access at any time from your GitHub settings.

7. Your rights

You can request access to, correction of, or deletion of your personal data at any time via elmokaddamelias@gmail.com.

8. Changes

Material changes to this policy will be announced on this page with an updated date.