← Back to home

Privacy Policy

Last updated: July 2, 2026

1. What we collect

When you create an account, we store your name, email address, and a bcrypt hash of your password. When you analyze a repository, we record the repository URL, the analysis results (quality scores, issues, file metadata, dependency graph), and the timestamp.

2. Source code handling

Source code is cloned to our analysis server only for the duration of the analysis. We do not execute, compile, or instrument any code. Cloned repositories are deleted from disk immediately after analysis completes, regardless of outcome. Source code is never shared with third parties.

3. Personal access tokens

Git provider tokens (GitHub PATs, GitLab tokens, etc.) you provide for private repository access are stored in your browser's local storage and transmitted to our backend only at the moment of cloning. We do not persist them in our database.

4. AI features

When AI explanations or fix suggestions are requested, the relevant issue context (rule ID, severity, ~120 characters of surrounding code) is sent to Anthropic's Claude API. No full source files are sent. Anthropic does not retain or train on this data per their API terms.

5. Cookies & tracking

We use only first-party authentication cookies and local storage for session state. We do not use third-party analytics, advertising, or behavioral tracking.

6. Data retention & deletion

You can delete any project (and all its analyses) from the Projects page. Account deletion is available on request via the contact email below; we will purge all your data within 30 days.

7. Contact

For privacy questions or data deletion requests, contact us at privacy@impactcodeanalysis.com.

This policy will evolve as the product matures. Material changes will be communicated via email to all registered users at least 30 days before taking effect.