Privacy Policy
Effective date: May 21, 2026
1. Data Controller
Centaur Privacy is the data controller responsible for your personal data. If you have questions or requests regarding this policy, contact us at info@centaurprivacy.com.
2. Data We Collect
We collect the minimum data necessary to operate the service:
- GitHub identity — your GitHub username (login), obtained via OAuth scope read:user.
- Email identity — if you choose email sign-in instead of GitHub OAuth, we collect your email address and store the timestamp when you verified it. Verification links are short-lived and single-use. Email-only accounts do not grant us any GitHub permissions.
- Scan metadata — the repository URL you submit, file counts, finding counts, and scan duration.
- Code snippets — when our scanner identifies a potential privacy finding, a short excerpt (typically 20–30 lines; up to ~60 lines for finding types that require broader context for accurate analysis) of the relevant code is extracted, filtered to remove any detected secrets or credentials, and stored in our database alongside the finding record, together with the path of the flagged file within your repository. We store only the flagged excerpt and its file path, not the full file or repository contents. Flagged excerpts are also sent to Anthropic's Claude API for contextual analysis and are automatically deleted by Anthropic within 30 days. Anthropic does not train its models on this data.
- Uploaded repository archives — if you use the email-only upload flow, we temporarily receive the archive you provide, process it for the scan, and delete it after the scan completes. The archive itself is not stored in our database.
- Contact form submissions — if you submit the public contact form, we collect your name, email address, optional message, IP address, user-agent, and submission timestamp. This information is stored in the contact_requests table so we can respond to your inquiry and route it to our internal inbox.
- Feedback widget submissions — if you use the authenticated feedback widget, we collect your reaction (up or down), optional free-form comment (up to 1000 characters), page path, optional scan ID when feedback is submitted from a scan page, user-agent, submission timestamp, and your internal user ID. This information is stored in the feedback table.
- Product analytics events — we log first-party product usage events (for example: scan started, scan completed, login). Events are tagged with opaque internal UUIDs only — never your GitHub login or repository paths. No third-party analytics service is used.
3. How We Use Your Data
- To authenticate you via GitHub OAuth or verified email and maintain your session.
- To perform privacy compliance scans on repositories you submit.
- To display your scan history and findings in the dashboard.
- To enforce the freemium scan limit associated with your account.
- To understand aggregate product usage so we can improve the service.
We do not use your data for advertising, profiling, or any purpose beyond operating the service.
4. Storage, Security, and Retention
- Database — scan metadata, findings, and code snippets are stored in PostgreSQL on AWS RDS in us-east-1 (Northern Virginia, USA). EU and UK users should be aware that their data is transferred to and processed in the United States.
- Browser-held session credentials — your session cookie and, for GitHub OAuth users, your GitHub OAuth token live only in httpOnly cookies in your browser. They are used to authenticate requests while you are logged in and are never written to our database. Email-only sessions contain no GitHub token.
- Encryption — data in transit is protected by TLS. The GitHub token cookie (cp_gh_token) is Fernet-encrypted; the session cookie (cp_session) is HMAC-signed.
Retention windows:
- Scans, findings, and code snippets — retained while your account is active. You may request deletion at any time; we will complete it within 30 days.
- Product analytics events — retained for 13 months, then deleted.
- Contact form submissions — retained for 24 months, then deleted, or deleted earlier if you request deletion.
- Feedback widget submissions — retained for 13 months, then deleted.
- Security audit logs — retained for 7 years in immutable CloudWatch storage to meet regulatory and security requirements. Audit logs contain only internal IDs and metrics — never personal data or code content.
- Session cookies — expire 7 days after login or immediately on logout.
5. Third-Party Sub-processors
We share data only with the following sub-processors to operate the service:
| Provider | Purpose | Data shared |
|---|---|---|
| GitHub | OAuth identity provider; repository read access; user-triggered finding Issue creation; automatic contact-form Issue creation; public repository tarball source | OAuth flow for GitHub users; repo contents read in memory during scan; anonymous public-repo tarball fetches for email users; on "Create Issue" click — issue title, body, and labels for the selected repo; on contact form submission — sanitized contact details and message in an internal inbox Issue |
| Amazon Web Services | Infrastructure (RDS, ECS, CloudWatch) | Scan metadata; code snippets; audit log IDs; transient uploaded archives during scan execution |
| Anthropic | LLM analysis (Claude API) | Code snippets sent transiently; automatically deleted within 30 days; Anthropic does not train on input/output data. See Commercial Terms. |
We do not sell your data to any third party. We will update this list and provide at least 30 days' notice by email before adding any new sub-processor with access to personal data or customer code.
6. Your Rights (GDPR)
If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases (GDPR Art. 6): contract performance — processing your GitHub identity and scan data is necessary to provide the service you have requested; and legitimate interests — maintaining security audit logs to detect abuse and ensure platform integrity.
Under the General Data Protection Regulation you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to erasure — request deletion of your account and associated scan records.
- Right to portability — request your data in a structured, machine-readable format.
- Right to restrict processing — ask us to pause processing your data in certain circumstances.
- Right to object — object to processing based on legitimate interests.
- Right to lodge a complaint — you have the right to complain to your local supervisory authority if you believe we have not handled your data in accordance with applicable law.
To exercise any of these rights, email info@centaurprivacy.com with "Privacy Request" in the subject line. We will acknowledge your request within 5 business days and respond within 30 days. For identity verification we may ask you to confirm your GitHub username or verified email address.
7. Your Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete — request deletion of personal information we have collected from you.
- Right to opt-out of sale — we do not sell personal information, so no opt-out is required.
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email info@centaurprivacy.com with "Privacy Request" in the subject line.
8. Cookies
Your GitHub OAuth token, when present, lives only in an encrypted, httpOnly cookie in your browser and is never written to our database. We use a separate session cookie (cp_session) to keep you logged in; it contains only your internal user ID. GitHub OAuth sessions also use cp_gh_token to hold the OAuth token. These cookies are httpOnly (inaccessible to JavaScript). cp_session is HMAC-signed and contains only your internal user ID; cp_gh_token is Fernet-encrypted and contains your GitHub OAuth token. Email-only sessions do not set cp_gh_token. Cookies expire 7 days after login or immediately when you log out. We do not use tracking cookies, analytics cookies, or any third-party cookies.
The OAuth token lets us read repository contents for scans and create a GitHub Issue only when you explicitly click "Create Issue" on a finding. We never fork, commit, open pull requests, modify files, or take any other repository write action. Logging out deletes the cookie; you can also revoke our app's authorization from your GitHub settings.
9. Security Breach Notification
If we become aware of a security breach that affects your personal data or stored code excerpts, we will notify affected users within 72 hours of discovery by email. The notification will describe the nature of the breach, the data affected, the steps we have taken to contain it, and the actions we recommend you take.
10. Changes to This Policy
We may update this policy as the service evolves. Material changes will be communicated by updating the effective date above and, where required by law, by direct email notification. Continued use of the service after a policy update constitutes acceptance of the revised terms.