Last updated: July 2, 2026
When you create an account, we store your name, email address, and a bcrypt hash of your password. When you analyze a repository, we record the repository URL, the analysis results (quality scores, issues, file metadata, dependency graph), and the timestamp.
Source code is cloned to our analysis server only for the duration of the analysis. We do not execute, compile, or instrument any code. Cloned repositories are deleted from disk immediately after analysis completes, regardless of outcome. Source code is never shared with third parties.
Git provider tokens (GitHub PATs, GitLab tokens, etc.) you provide for private repository access are stored in your browser's local storage and transmitted to our backend only at the moment of cloning. We do not persist them in our database.
When AI explanations or fix suggestions are requested, the relevant issue context (rule ID, severity, ~120 characters of surrounding code) is sent to Anthropic's Claude API. No full source files are sent. Anthropic does not retain or train on this data per their API terms.
We use only first-party authentication cookies and local storage for session state. We do not use third-party analytics, advertising, or behavioral tracking.
You can delete any project (and all its analyses) from the Projects page. Account deletion is available on request via the contact email below; we will purge all your data within 30 days.
For privacy questions or data deletion requests, contact us at privacy@impactcodeanalysis.com.
This policy will evolve as the product matures. Material changes will be communicated via email to all registered users at least 30 days before taking effect.