Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Authentication credentials (hashed passwords or OAuth tokens)
• Organization name and membership information

1.2 Repository Metadata

When you connect a repository, we collect and index:

• File names and directory structure
• Function signatures, class definitions, and type declarations
• Import/export relationships and dependency graphs
• Git commit metadata (authors, timestamps, commit messages)

We do not store your full source code. We index structural metadata — the “shape” of your codebase — to build the knowledge graph. Source code is processed transiently during indexing and is not persisted.

1.3 Usage Data

We automatically collect:

• Browser type, operating system, and device information
• IP address (used for rate limiting and security; not stored long-term)
• Pages visited, features used, and interactions within the Service
• API and CLI usage patterns (endpoints called, frequency)

1.4 Cookies & Analytics

We use essential cookies for authentication and session management. We use Plausible Analytics for privacy-compliant website analytics — no cookies, no personal data collection, no cross-site tracking. We do not use Google Analytics or any advertising trackers.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Build and maintain your codebase knowledge graph
• Generate health grades, guardrails, and code intelligence outputs
• Provide MCP context to your AI coding assistants
• Send transactional emails (account verification, billing, security alerts)
• Detect, prevent, and address security issues and abuse
• Comply with legal obligations

We do not use your repository data to train machine learning models. Analysis is performed per-repository and per-organization. Your data is isolated from other customers.

3. Data Sharing & Third Parties

We do not sell your personal data. We share data only in the following circumstances:

• Service providers: We use third-party infrastructure providers (cloud hosting, database services) that process data on our behalf under strict data processing agreements.
• AI providers: When generating code intelligence outputs, we may send repository metadata to AI model providers. We use providers that do not train on customer data and we minimize the data sent to what is necessary for the analysis.
• GitHub / GitLab: When you connect a repository, we interact with your Git hosting provider via their APIs using the permissions you grant. We access only the repositories and data you explicitly authorize.
• Legal requirements: We may disclose information if required by law, subpoena, or legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Authentication tokens are hashed and never stored in plaintext
• API keys are generated with cryptographic randomness and can be revoked at any time
• Infrastructure hosted on SOC 2 compliant providers
• Regular security reviews and dependency audits

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion.
• Knowledge graph data: Deleted when you disconnect a repository or delete your account. Re-indexing builds a fresh graph from your current codebase.
• Usage logs: Retained for up to 90 days for operational purposes, then anonymized or deleted.
• Billing records: Retained as required by tax and accounting regulations (typically 7 years).

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data. You can delete your account at any time from the dashboard settings.
• Portability: Request your data in a structured, commonly used format.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request that we restrict processing of your data.

To exercise any of these rights, email us at privacy@unerr.dev. We will respond within 30 days.

7. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contract: Processing necessary to provide the Service to you.
• Legitimate interest: Processing for security, fraud prevention, and service improvement.
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal obligation: Where processing is required by law.

Data may be transferred to the United States where our infrastructure is located. We use Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard international data transfers.

8. California Users (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the “sale” of personal information. We do not sell personal information.

To make a CCPA request, email privacy@unerr.dev with the subject line “CCPA Request.”

9. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at:

• Email: privacy@unerr.dev

See also our Terms of Service.