Privacy Policy

How we collect, use, and protect your personal information.

Last updated: May 25, 2026

1. Introduction

RepoPrism ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and code analysis services (the "Service"). Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: When you sign up, we collect your name, email address, and profile picture via your chosen authentication provider (Google, Apple, or GitHub).
  • GitHub Personal Access Token (PAT): If you provide a GitHub PAT to analyze private repositories, it is stored only in your browser's local storage and is never transmitted to or stored on our servers.
  • AI API keys: Any AI provider keys you enter (Groq, Gemini, etc.) are stored only in your browser and never sent to our servers.
  • Payment information: If you upgrade to Pro, payment is processed by Razorpay. We do not store your card details. We only receive a confirmation of your payment status from Razorpay.

2.2 Information Collected Automatically

  • Usage data: We record which GitHub repository URLs you analyze, the number of scans you perform per week, and your current plan status. This is stored in our database to enforce fair usage limits.
  • Scan results: If you click "Share Report", a copy of your analysis results is stored in our database for up to 30 days (free) or 90 days (Pro) so others can view the report via a link.
  • Log data: Our servers automatically log IP addresses, browser type, operating system, and pages visited. These logs are retained for up to 30 days for security and debugging purposes.

2.3 Information from Third Parties

  • Authentication providers: When you sign in with Google, Apple, or GitHub, we receive your name, email, and profile picture from that provider.
  • GitHub API: When you analyze a repository, we access its file tree and file contents through the GitHub API on your behalf. We do not store repository source code on our servers beyond what is temporarily needed to perform the analysis.

3. How We Use Your Information

  • To provide and operate the Service, including enforcing the weekly free scan limit.
  • To authenticate you and manage your account.
  • To process payments and manage your Pro subscription.
  • To generate and store shareable reports when you request them.
  • To send transactional emails such as payment receipts and account security alerts. We do not send marketing emails without your explicit consent.
  • To monitor and improve the security, reliability, and performance of the Service.
  • To comply with legal obligations.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We share data only in these limited circumstances:

  • Service providers: We use Supabase (database), Clerk (authentication), Razorpay (payments), and Vercel (hosting). Each processes only the data necessary for its service.
  • Legal requirements: We may disclose your information if required by law, court order, or government authority.
  • Business transfer: If RepoPrism is acquired or merged, your data may be transferred as part of that transaction. We will notify you beforehand.
  • With your consent: We share data in any other circumstances only with your explicit consent.

5. Data Storage and Security

Your data is stored in Supabase databases hosted on AWS infrastructure. We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit.
  • Row-level security policies in our database so users can only access their own data.
  • Webhook signature verification for all payment events.
  • No storage of AI API keys or GitHub tokens on our servers.

Despite these measures, no system is 100% secure. We cannot guarantee absolute security of your information.

6. Data Retention

  • Account data: Retained as long as your account is active.
  • Scan usage records: Retained for 90 days for audit purposes.
  • Shared reports: Deleted after 30 days (free) or 90 days (Pro) from the scan date.
  • Server logs: Retained for 30 days, then automatically deleted.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict processing of your data.
  • Receive your data in a machine-readable format (data portability).

To exercise any of these rights, email us at repoprism@gmail.com. We will respond within 30 days.

8. Cookies

We use minimal cookies. We set a single cookie to remember whether you have visited the pricing page. We do not use advertising cookies or third-party tracking cookies. Authentication session cookies are managed by Clerk and are strictly necessary for the Service to function.

9. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or by email. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, contact us at repoprism@gmail.com.