Privacy Policy

1. Information we collect

We collect information in the following categories:

Account and profile information

When you sign in with GitHub, we receive information made available through GitHub OAuth, such as your GitHub user ID, username, email address (if provided by GitHub), and avatar URL. We store a profile record linked to your account in our database.

GitHub App and repository data

When you install the Launchioo GitHub App, we receive metadata about the installation (for example, account or organisation name, installation ID, and repositories you grant access to). To provide the Service, we process pull request data including PR numbers, commit SHAs, diff content for changed lines, file paths, and related metadata needed to run scans and post results.

Scan results and usage data

We store the output of our scans — including rule violations, severity, matched snippets, and timestamps — so you can review them in your dashboard. We may also collect standard web server logs (IP address, browser type, pages visited, and timestamps) for security, debugging, and service improvement.

Communications

If you contact us by email, we collect the content of your message and any information you choose to provide.

2. How we use information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate you and manage your account
• Scan pull request diffs, post PR comments, and update GitHub status checks on your behalf
• Display your dashboard, connected repositories, and scan history
• Respond to support requests and communicate about the Service
• Monitor for abuse, fraud, and security incidents
• Improve our rules, reliability, and user experience
• Comply with legal obligations and enforce our Terms

We do not sell your personal information. We do not use your repository code to train public machine-learning models.

3. Legal bases (EEA, UK, and Switzerland)

Where applicable data-protection law requires a legal basis, we process personal data on the grounds of: (a) performance of a contract with you; (b) our legitimate interests in operating and improving a secure SaaS product, provided those interests are not overridden by your rights; and (c) compliance with legal obligations. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. How we share information

We share information only as described below:

• Service providers — We use third parties that help us run the Service, including hosting providers, Supabase (database and authentication), and GitHub (OAuth and App APIs). These providers process data on our instructions and under appropriate agreements.
• Within your GitHub workflow — Scan findings are posted as comments and status checks on pull requests you configure the app to access. Anyone with access to those repositories may see those results.
• Legal requirements — We may disclose information if required by law, court order, or governmental request, or to protect the rights, property, or safety of Launchioo, our users, or others.
• Business transfers — If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

5. Data retention

We retain account and scan data for as long as your account is active or as needed to provide the Service. If you uninstall the GitHub App or delete your account, we will delete or anonymise associated data within a reasonable period, except where retention is required for legal, security, or backup purposes.

Server logs are typically retained for a limited period (for example, up to 90 days) unless needed for an investigation.

6. Security

We implement technical and organisational measures designed to protect your information, including encrypted connections (HTTPS), access controls, and secure credential storage for server-side integrations. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

7. Your rights and choices

Depending on your location, you may have the right to:

• Access, correct, or delete personal information we hold about you
• Object to or restrict certain processing
• Data portability
• Withdraw consent where processing is consent-based
• Lodge a complaint with a supervisory authority

You can revoke the GitHub App's access to your repositories at any time through your GitHub settings. You may request account deletion by contacting us at support@launchioo.com.

8. International transfers

We and our service providers may process information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers of personal data.

9. Children

The Service is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or a notice within the Service. Continued use after changes take effect constitutes acceptance of the updated Policy.

11. Contact us

Questions about this Privacy Policy or our data practices? Contact us at support@launchioo.com.

See also our Contact us page and Terms and Conditions.