Privacy Policy

Effective date: June 18, 2026

1. Data Controller

Centaur Privacy is the data controller responsible for your personal data. If you have questions or requests regarding this policy, contact us at info@centaurprivacy.com.

2. Data We Collect

We collect the minimum data necessary to operate the service:

  • GitHub identity — your GitHub username (login), obtained via OAuth scope read:user.
  • Email identity — if you choose email sign-in instead of GitHub OAuth, we collect your email address and store the timestamp when you verified it. Verification links are short-lived and single-use. Email-only accounts do not grant us any GitHub permissions.
  • Scan metadata — the repository URL you submit, file counts, finding counts, and scan duration.
  • Code snippets (Privacy Checks) — for each finding, we extract a short excerpt of the relevant code (typically 20–60 lines), filter out detected secrets, and store it with the file path. We store only the excerpt, not the full file or repository. Excerpts are sent to our AI model provider for analysis (see §5 for provider details and retention).
  • Privacy Review code context — Privacy Review reads substantially more code than Privacy Checks. A single run sends up to roughly 200,000 tokens of file content to our AI model provider across multiple requests. We do not store the raw file contents — only the derived outputs described in the next bullet. See §5 for provider details and retention.
  • Privacy Review findings and analysis — when you run a Privacy Review, we store AI-derived information about your codebase: the categories of personal data, processing purposes, processing activities, user controls, jurisdiction hints, and third-party integrations our model identifies, together with a free-text summary of what your codebase does and an executive summary of the review, and the list of files examined. For each evaluated regulation requirement we store a status, confidence level, summary, suggested action, and supporting evidence (file path, line number, code snippet, and note) — similar in nature to the code snippets stored for Privacy Checks, but held in separate database tables together with any open questions the review raises.
  • Uploaded repository archives — if you use the email-only upload flow, we temporarily receive the archive you provide, process it for the scan, and delete it after the scan completes. The archive itself is not stored in our database.
  • Contact form submissions — if you submit the public contact form, we collect your name, email address, optional message, IP address, user-agent, and submission timestamp. This information is stored in the contact_requests table so we can respond to your inquiry and route it to our internal inbox.
  • Feedback widget submissions — if you use the authenticated feedback widget, we collect your reaction (up or down), optional free-form comment (up to 1000 characters), page path, optional scan ID when feedback is submitted from a scan page, user-agent, submission timestamp, and your internal user ID. This information is stored in the feedback table.
  • Product analytics events — we log first-party product usage events (for example: scan started, scan completed, login). Events are tagged with opaque internal UUIDs only — never your GitHub login or repository paths. No third-party analytics service is used.

3. How We Use Your Data

  • To authenticate you via GitHub OAuth or verified email and maintain your session.
  • To perform privacy compliance scans on repositories you submit — either fast, pattern-based detection of common violations with minimal AI use (Privacy Checks), or a holistic, AI-powered review against a curated regulation-requirement catalog that reads substantially more of your code (Privacy Review), depending on the scan type you choose.
  • To display your scan history and findings in the dashboard.
  • To enforce the freemium scan limit associated with your account.
  • To understand aggregate product usage so we can improve the service.

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

4. Storage, Security, and Retention

  • Database — scan metadata, findings, and code snippets are stored in PostgreSQL on AWS RDS in us-east-1 (Northern Virginia, USA). EU and UK users should be aware that their data is transferred to and processed in the United States.
  • Browser-held session credentials — your session cookie and, for GitHub OAuth users, your GitHub OAuth token live only in httpOnly cookies in your browser. They are used to authenticate requests while you are logged in and are never written to our database. Email-only sessions contain no GitHub token.
  • Encryption — data in transit is protected by TLS. The GitHub token cookie (cp_gh_token) is Fernet-encrypted; the session cookie (cp_session) is HMAC-signed.

Retention windows:

  • Scans, findings, and code snippets — retained while your account is active, including Privacy Review context, requirement findings, evidence, and open questions. You may request deletion at any time; we will complete it within 30 days.
  • Product analytics events — retained for 13 months, then deleted.
  • Contact form submissions — retained for 24 months, then deleted, or deleted earlier if you request deletion.
  • Feedback widget submissions — retained for 13 months, then deleted.
  • Security audit logs — retained for 7 years in immutable CloudWatch storage to meet regulatory and security requirements. Audit logs contain only internal IDs and metrics — never personal data or code content.
  • Session cookies — expire 7 days after login or immediately on logout.

5. Third-Party Sub-processors

We share data only with the following sub-processors to operate the service:

ProviderPurposeData shared
GitHubOAuth identity provider; repository read access; user-triggered finding Issue creation; automatic contact-form Issue creation; public repository tarball sourceOAuth flow for GitHub users; repo contents read in memory during scan; anonymous public-repo tarball fetches for email users; on "Create Issue" click — issue title, body, and labels for the selected repo; on contact form submission — sanitized contact details and message in an internal inbox Issue
Amazon Web ServicesInfrastructure (RDS, ECS, CloudWatch)Scan metadata; code snippets; Privacy Review context, findings, and evidence; audit log IDs; transient uploaded archives during scan execution
AnthropicLLM analysis (Claude API), when configured as our AI model providerCode excerpts or broader code context (see §2); deleted within 30 days; no training on your data. See Privacy Center and Commercial Terms.
GoogleLLM analysis (Gemini via Vertex AI), when configured as our AI model providerCode excerpts or broader code context (see §2); no training on your data. Retention window varies — see Vertex AI Data Governance.

Our AI model provider is configurable per deployment; at any given time we use either Anthropic or Google (or both) to perform LLM analysis, as reflected above. We do not sell your data to any third party. We will update this list and provide at least 30 days' notice by email before adding any new sub-processor with access to personal data or customer code.

6. Your Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases (GDPR Art. 6): contract performance — processing your GitHub identity and scan data is necessary to provide the service you have requested; and legitimate interests — maintaining security audit logs to detect abuse and ensure platform integrity.

Under the General Data Protection Regulation you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to erasure — request deletion of your account and associated scan records.
  • Right to portability — request your data in a structured, machine-readable format.
  • Right to restrict processing — ask us to pause processing your data in certain circumstances.
  • Right to object — object to processing based on legitimate interests.
  • Right to lodge a complaint — you have the right to complain to your local supervisory authority if you believe we have not handled your data in accordance with applicable law.

To exercise any of these rights, email info@centaurprivacy.com with "Privacy Request" in the subject line. We will acknowledge your request within 5 business days and respond within 30 days. For identity verification we may ask you to confirm your GitHub username or verified email address.

7. Your Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete — request deletion of personal information we have collected from you.
  • Right to opt-out of sale — we do not sell personal information, so no opt-out is required.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email info@centaurprivacy.com with "Privacy Request" in the subject line.

8. Cookies

Your GitHub OAuth token, when present, lives only in an encrypted, httpOnly cookie in your browser and is never written to our database. We use a separate session cookie (cp_session) to keep you logged in; it contains only your internal user ID. GitHub OAuth sessions also usecp_gh_token to hold the OAuth token. These cookies are httpOnly (inaccessible to JavaScript). cp_session is HMAC-signed and contains only your internal user ID; cp_gh_token is Fernet-encrypted and contains your GitHub OAuth token. Email-only sessions do not setcp_gh_token. Cookies expire 7 days after login or immediately when you log out. We do not use tracking cookies, analytics cookies, or any third-party cookies.

The OAuth token lets us read repository contents for scans and create a GitHub Issue only when you explicitly click "Create Issue" on a finding. We never fork, commit, open pull requests, modify files, or take any other repository write action. Logging out deletes the cookie; you can also revoke our app's authorization from your GitHub settings.

9. Security Breach Notification

If we become aware of a security breach that affects your personal data or stored code excerpts, we will notify affected users within 72 hours of discovery by email. The notification will describe the nature of the breach, the data affected, the steps we have taken to contain it, and the actions we recommend you take.

10. Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated by updating the effective date above and, where required by law, by direct email notification. Continued use of the service after a policy update constitutes acceptance of the revised terms.