Privacy Policy
Last updated: February 18, 2026
This policy explains what data we collect, how we use it, and your rights. We believe in transparency — if something isn't clear, ask us.
1. Information We Collect
- Account information: Email address, name, and avatar (from GitHub OAuth or email signup).
- GitHub data: Repository names, branch information, and code (temporarily, during scans). We access this through our GitHub App with the permissions you grant.
- Scan data: Vulnerability findings, security scores, scan metadata (duration, engines used, technologies detected).
- Usage data: Pages visited, features used, scan frequency. Collected via PostHog (privacy-friendly analytics).
- Payment data: Handled entirely by Stripe. We never see or store your credit card number.
2. How We Use Your Information
- To run security scans on your repositories
- To generate AI-powered vulnerability explanations and fixes
- To display your dashboard, scan history, and security scores
- To enforce plan limits and billing
- To send transactional emails (scan complete, security alerts)
- To improve the service (aggregate, anonymized analytics only)
3. Code Access and Handling
This is the part you probably care about most. When you run a scan, our worker clones your repository into an isolated Docker container. The scan runs, results are extracted, and the clone is deleted. The entire process takes 2-5 minutes.
We do NOT:
- Store your source code after the scan
- Share your code with third parties (except Anthropic's API for fix generation — see below)
- Use your code for training any AI model
- Access repositories you haven't explicitly connected
4. AI Processing
When generating vulnerability explanations or code fixes, we send relevant code snippets to Anthropic's Claude API. Only the code surrounding a detected vulnerability is sent — not your entire codebase. Anthropic does not use API inputs to train their models. See Anthropic's usage policy for details. AI-generated explanations and fixes are cached (without your identifying information) to improve response times for common vulnerability patterns.
5. Data Retention
- Scan results: Retained according to your plan (Free: 7 days, Basic: 30 days, Pro: unlimited). Expired data is permanently deleted via automated cleanup.
- Account data: Retained while your account is active. When you delete your account, all data (profile, scans, findings, subscriptions) is permanently deleted within 30 days.
- Server logs: Retained for 30 days for debugging and security monitoring, then deleted.
6. Third-Party Services
We use the following third-party services that may process your data:
- Supabase: Database and authentication (hosted in AWS, US region)
- Stripe: Payment processing
- Anthropic (Claude API): AI-powered analysis and fix generation
- Vercel: Web application hosting
- Railway: Scan worker hosting
- GitHub: Repository access via GitHub App
- Sentry: Error tracking (no PII logged)
- PostHog: Privacy-friendly analytics
- Resend: Transactional emails
7. Security
We practice what we preach. Our own codebase follows strict security standards:
- Row Level Security (RLS) on every database table
- All API inputs validated with Zod schemas
- Webhook signatures verified (GitHub, Stripe)
- No secrets in code — all credentials in environment variables
- CORS restricted to our domains
- Rate limiting on all public endpoints
If you discover a vulnerability in Data Hogo itself, please report it to security@datahogo.com.
8. Your Rights
You can:
- Access your data: Everything is visible in your dashboard
- Export your data: Contact us for a full export
- Delete your data: Delete your account from Settings — all data is permanently removed
- Disconnect GitHub: Remove our GitHub App access anytime from Settings or GitHub
For users in the EU/EEA: You have additional rights under GDPR including data portability and the right to object to processing. Contact us to exercise these rights.
9. Children
Data Hogo is not intended for children under 16. We do not knowingly collect data from children.
10. Contact
Privacy questions? Email us at privacy@datahogo.com.