Privacy Policy
1. Who we are
RepoGEO (also referred to as “Repogeo” in branding materials) provides software that analyzes how public GitHub repositories may appear in generative AI systems. The operator of the website and service is the legal entity identified at checkout and in commercial agreements, or otherwise the publisher of this site.
For privacy requests, use the contact channel published with your subscription or inquiry (for example the email or form you used at checkout). If you only use the free tools without an account, we may ask reasonable questions to confirm you are asking about your own data.
2. Public information we process
The product is built for public open-source projects. When you submit a repository URL or identifier, we retrieve and process metadata and content that is already public on GitHub and the open web (for example README excerpts, license fields, topics, and release metadata). We do not intentionally log in to GitHub on your behalf to access private repositories.
Diagnostic outputs may be cached to control cost and improve latency. Aggregated or de-identified statistics may be used to improve the service, subject to this policy.
3. Personal data we may collect
Anonymous or lightweight diagnostics: technical data such as IP address (often truncated or hashed), user agent, requested repository coordinates, timestamps, and abuse-prevention signals. Purpose: security, rate limits, fraud prevention, and aggregate analytics. Retention is kept as short as reasonably needed for those purposes (often on the order of days to a few months, depending on configuration).
Accounts: if you sign in (for example with GitHub OAuth), we process identifiers needed to operate your account, such as email address, display name, profile image URL, and the OAuth subject from the provider. Purpose: authentication, account management, receipts, and support.
Payments: card and bank details are handled by payment processors (such as Stripe, Lemon Squeezy, or PayPal). We typically receive a customer identifier, subscription status, and limited billing metadata—not your full card number.
Marketing: we send product email only where you have clearly opted in. You can unsubscribe from any marketing message we send.
Support: if you email us or use a form, we process the content you send so we can respond.
4. Purposes and legal bases (EEA, UK, and similar laws)
Where GDPR-style rules apply, we rely on one or more of: performance of a contract (providing paid features you buy); legitimate interests (security, product improvement, and limited analytics balanced against your rights); consent (marketing emails and certain optional cookies or experiments, where required); and legal obligations (tax, accounting, or lawful requests).
5. Cookies and similar technologies
We use cookies and local storage where needed for security, session management, language preference, and understanding basic traffic patterns. You can control cookies through your browser. Strictly necessary cookies may remain required for sign-in and payments to work reliably.
6. Sharing with service providers
We use infrastructure and software vendors (hosting, databases, logging, email delivery). We use AI model APIs to generate or score parts of reports; prompts may include public repository context you asked us to analyze. Payment processors receive what they need to complete transactions under their own privacy policies.
We do not sell personal information in the “sale for money” sense used in some U.S. state laws. Where a law treats certain sharing as a “sale” or “sharing” for cross-context behavioral advertising, we aim to honor opt-out rights where required.
7. International transfers
We may process data in the United States and other countries where we or our vendors operate. If you are in the EEA, UK, or Switzerland, we rely on appropriate safeguards for transfers (such as the EU Commission Standard Contractual Clauses, UK Addendum, or comparable mechanisms) where legally required. You may request further detail about transfers by contacting us as described above.
8. Security and retention
We apply reasonable technical and organizational measures to protect personal data. No method of transmission over the Internet is completely secure.
We retain personal data only as long as needed for the purposes in this policy, including legal, tax, and dispute-resolution needs. Diagnostic caches for public repositories may have shorter technical TTLs as described in product documentation.
9. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.
To exercise rights, contact us using the channel above. We will verify requests where we need to protect account security. Some rights may not apply to information that is solely public GitHub content you do not control, though we can often delete cached copies tied to your account on request where technically feasible.
10. California residents (CPRA summary)
California residents may have additional rights under the CPRA, including to know categories of personal information collected, to request deletion or correction subject to exceptions, and to limit use of sensitive personal information where applicable. We do not use sensitive personal information to infer characteristics in ways that trigger CPRA “limit” use cases in our ordinary product operation.
You may designate an authorized agent where permitted by law. We will not discriminate against you for exercising CPRA rights.
11. Children
The service is not directed to children under 16 (or the higher age required in your jurisdiction). If you believe we have collected a child’s personal data in error, contact us and we will take appropriate steps to delete it.
12. Changes
We may update this policy from time to time. We will post the new effective date on this page and, where changes are material and we have your email on file, we may also notify you by email or in-product notice.