Privacy Policy

Overview

ShipReady ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our security scanning service.

Information We Collect

• Account Information: Email address, name, and GitHub username when you sign up.
• GitHub Data: Repository metadata (names, branches) and OAuth tokens to access your repositories.
• Scan Results: Security findings, scores, and vulnerability data from your code scans.
• Usage Data: How you interact with our service, including features used and scan frequency.

What We Don't Store

We never store your source code. Scans run in isolated GitHub Actions within your own repository. Only scan results and findings are stored in our database. Your code remains in your GitHub account at all times.

How We Use Your Information

• To provide and improve our security scanning service
• To send scan results and security alerts
• To communicate product updates and service announcements
• To respond to support requests

Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest. GitHub OAuth tokens are encrypted before storage. Access to user data is strictly limited to authorized personnel.

Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and associated data at any time by contacting us. Scan history is retained for 12 months unless you request earlier deletion.

Third-Party Services

We use the following third-party services:

• GitHub: For authentication and repository access
• Supabase: For database and authentication infrastructure
• Vercel: For hosting and deployment

Your Rights

You have the right to access, correct, or delete your personal data. You can revoke GitHub access at any time through your GitHub settings. To exercise these rights or for any privacy concerns, contact us at privacy@getshipready.com.