Privacy Policy

What We Collect

• GitHub user profile (login, email, avatar) via OAuth
• GitHub App installation metadata (account, repos selected)
• Governance check results (verdict, drift score, session coverage)
• Anonymized usage telemetry (check counts, response times)

What We Do NOT Collect

• We do not store your source code - repos are cloned temporarily and deleted after each check
• We do not read files outside the .exo/ governance directory
• We do not share data with third parties (except Paddle for billing)

How We Use Data

We use collected data to run governance checks, display dashboard reports, improve the service, and communicate with you about your account.

Data Storage

Data is stored on Fly.io infrastructure in the US (San Jose, CA). We use encryption in transit (TLS) for all connections.

Your Rights

You can request data export or deletion at any time by emailing hello@exoprotocol.ai. Uninstalling the GitHub App immediately revokes our access to your repositories.

Cookies

We use a session cookie for authentication. No tracking cookies or third-party analytics are used.

Contact

Questions? Email hello@exoprotocol.ai.