Privacy Policy
Last updated: 9 April 2026
What data we collect
Account data
When you sign in with GitHub, we receive your GitHub user ID and email address via OAuth. We do not collect your name, address or any other personal information beyond what GitHub provides during authentication.
Project and repository data
We store project names, repository references (owner, name, branch) and quality gate configuration that you set up in the app.
Analysis data
When an analysis runs, we store the resulting scores, findings, metrics, KPIs, static analysis detections and vulnerability scan results. These are structured data derived from your code, not your source code itself.
Source code is never stored. File contents are fetched from GitHub during analysis, processed in memory and discarded once the analysis completes.
AI review data
When AI-assisted reviews run, a selection of files (typically 10 to 15 per domain) is sent to Anthropic's Claude API. We store the AI-generated findings, summaries and scores. We do not store the file contents that were sent for review.
Billing data
If you subscribe to the Pro plan, Stripe processes your payment. We store your Stripe customer ID and subscription ID. We never see or store your card number, CVV or full payment details. All payment processing is handled by Stripe.
API keys
API keys are stored as SHA-256 hashes only. The original key cannot be recovered from the stored hash. We retain a short prefix for display purposes in the settings page.
Cookies
Implera uses Supabase session cookies to maintain your login state. These are functional cookies required for the service to work. We also use Vercel Analytics, which may set performance-related cookies.
We do not use advertising cookies, tracking pixels, heatmaps or session recording.
Third parties
| Service | Data shared | Purpose |
|---|---|---|
| GitHub | API requests for repository tree, files, commits | Repository analysis |
| Supabase | All user, project and analysis data | Database, authentication |
| Anthropic | Selected file contents during AI reviews | AI-assisted code review |
| Stripe | Email, user ID, subscription preferences | Payment processing |
| Vercel | Page views, performance metrics | Analytics, hosting |
Data retention
Analysis results and AI reviews are retained for as long as your account is active. You can delete individual projects at any time, which removes all associated data.
On account deletion, all projects, analysis results, AI reviews, API keys and finding dismissals are permanently removed. Stripe records are retained as required by payment regulations.
Your rights
You can request access to, correction of, or deletion of your personal data at any time by contacting us. You can revoke Implera's access to your GitHub repositories at any time from your GitHub settings.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the email associated with your GitHub account.
Contact
If you have questions about this privacy policy, please get in touch.