Privacy Policy

Last updated: January 1, 2025

What Data We Collect

We collect the following information when you request or purchase an audit:

  • Name and work email address
  • Repository URL submitted for audit
  • Payment information (processed securely by Stripe — we never store raw card data)
  • Usage data such as pages visited and actions taken on our site

How We Use Your Data

Your data is used exclusively to deliver audit services to you. Specifically:

  • To perform the IV&V audit on the repository you submit
  • To deliver your report and schedule your debrief call
  • To send transactional emails related to your order (via SendGrid)
  • To process payment and manage your subscription or one-time purchase (via Stripe)

We do not sell your data.

Third-Party Services

We share data with the following trusted third parties only as necessary to deliver our service:

  • Stripe — Payment processing. Stripe's privacy policy governs all payment data.
  • SendGrid — Transactional email delivery (order confirmations, report delivery).

We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

Data Retention

Audit artifacts and associated data are retained for one year from the date of delivery. Your repository is cloned into a secure, isolated sandbox for the duration of the audit and deleted upon report delivery. The only persistent artifact is the integrity hash of the audit output, retained for reproducibility.

You may request deletion of your data at any time by contacting us at privacy@mergeproof.org.

Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Deletion — Request that we delete your personal data (subject to legal retention obligations).
  • Portability — Request your data in a machine-readable format.
  • Correction — Request that we correct inaccurate data.
  • Opt-out — California residents may opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@mergeproof.org.

Contact

For any privacy-related questions or requests, please email us at privacy@mergeproof.org.