1. Overview
AbyssGuard helps users review repositories for code-safety, reliability, maintainability, and shipping risk. This policy explains what information we collect, how we use it, and how source code is handled.
2. Information we collect
We may collect account email addresses, login identifiers, GitHub account IDs/usernames/profile URLs, repository URLs, selected repository metadata, plan and checkout status, scan settings, normalized report findings, usage counters, support messages, newsletter opt-in status, and technical logs needed to operate the service.
3. Source code handling
Source code is processed temporarily during a scan. AbyssGuard is designed to store normalized report data-such as file paths, line numbers, issue summaries, confidence, suggested fixes, and verification steps-instead of storing full source files by default.
4. GitHub and private repository access
Private repository scans require a GitHub connection or app installation. Access tokens are used server-side to retrieve the selected repository for the requested scan. AbyssGuard should not store GitHub tokens in reports or expose them to customers.
5. Payments
Payments are handled by Paddle or another listed payment provider. AbyssGuard receives payment and subscription events needed to unlock paid reports, subscription features, invoices, usage allowances, and account access. We do not store full payment card details.
6. How we use information
We use information to run scans, generate reports, show history, enforce plan allowances, prevent abuse, provide support, improve scanner quality, maintain security and reliability of the product, and send product/security updates when a user has opted in to marketing email.
7. Analytics
We use PostHog for product analytics to understand usage patterns, improve features, and provide support. When you create an account or log in, your email address is stored as a person property in PostHog to enable account identification and support lookup. PostHog also receives anonymized behavioral data such as page views and feature usage. We do not send source code, repository contents, access tokens, or report findings to PostHog. You can view PostHog's privacy practices at posthog.com/privacy.
8. Sharing
We do not sell source code or report data. We may share limited information with infrastructure, analytics, authentication, support, and payment providers when needed to operate AbyssGuard.
9. Deletion, unsubscribe, and questions
You can request deletion of account, scan, report, and contact metadata by contacting us through support@abyssguard.app. Marketing emails include an unsubscribe link. Some payment, tax, abuse-prevention, or security records may need to be retained where required or reasonably necessary.