Privacy Policy

Last updated: March 6, 2026

1. Who We Are

CodeRifts is operated by Péter Zsób (sole proprietor), based in Budapest, Hungary. For privacy inquiries, contact: security@coderifts.com

2. Data We Collect

When you install and use the CodeRifts GitHub App, we process:

  • OpenAPI schema file contents (from base and head branches of Pull Requests)
  • Repository metadata (repository ID, installation ID, organization name)
  • Pull Request metadata (PR number, branch names, commit SHAs)
  • GitHub user identifiers associated with the installation

When you visit coderifts.com, we may collect:

  • Standard web analytics data via Google Analytics (page views, country, browser type, device info)
  • Email address if you voluntarily subscribe to our newsletter

We may also collect contact data from third-party sources (such as Apollo.io or similar data enrichment tools) for outreach purposes. This may include:

  • Name and email address
  • Job title and company name
  • Location (city, country)

You may opt out of outreach communications at any time by replying to any email or contacting security@coderifts.com.

When you use the CLI or REST API:

  • OpenAPI schema content submitted for analysis
  • No authentication data is stored beyond the session

3. Data We Do NOT Collect

  • Source code (we only read OpenAPI spec files, not your codebase)
  • Personal data of your end users
  • Credentials, tokens, or secrets
  • Payment information (no billing during beta)

4. How We Use Your Data

  • Comparing OpenAPI schemas between base and head branches
  • Calculating risk scores and generating governance reports
  • Posting Pull Request comments with analysis results
  • Updating GitHub Check status (pass/fail)
  • Improving service reliability (operational logs)
  • Sending newsletter emails (only if you subscribed)

Schema content is processed in memory and is not stored persistently after the analysis is complete.

5. Data Retention

  • Schema content: Not retained after processing. Processed in memory only.
  • Operational logs: Retained for up to 30 days for debugging and reliability.
  • Newsletter email addresses: Retained until you unsubscribe.
  • GitHub installation metadata: Retained while the app is installed. Deleted upon uninstall.

6. Data Sharing

We do not sell, rent, or share your data with third parties for marketing purposes. Your data may be processed by the following service providers (sub-processors) solely for operating the CodeRifts service:

  • Railway (app.railway.com) — Application hosting (US region)
  • Cloudflare (cloudflare.com) — DNS, CDN, and web analytics
  • GitHub (github.com) — Platform integration and webhook delivery
  • Buttondown (buttondown.email) — Email newsletter delivery
  • Google Analytics (analytics.google.com) — Website usage analytics (property ID: G-KD3EFYTDS1)

7. Security

  • All communication is encrypted via HTTPS/TLS
  • Webhook payloads are verified using HMAC SHA-256 signature validation
  • GitHub App authentication uses JWT (RS256) with a private key
  • No schema content is written to disk or stored in databases

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under GDPR:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to restriction of processing: Request that we limit how we use your data while a concern is being resolved
  • Right to erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format and transmit it to another controller
  • Right to withdraw consent: Where processing is based on consent (e.g., newsletter subscription), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal

Our legal basis for processing is legitimate interest (providing the service you installed). For newsletter emails and outreach communications, the legal basis is consent. You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been infringed.

To exercise any of these rights, contact: security@coderifts.com. We will respond within 30 days.

9. Data Deletion

Uninstalling the CodeRifts GitHub App automatically removes all associated installation data. To request deletion of any remaining data (e.g., operational logs, newsletter subscription), contact: security@coderifts.com

10. Cookies

The coderifts.com website uses cookies and similar technologies. These fall into three categories:

  • Essential / Session cookies — Required for the service to function correctly. These include session identifiers and security tokens used during authentication. They cannot be disabled without breaking core functionality.
  • Functionality cookies — Remember user preferences such as theme settings and dismissed banners. These improve your experience but are not strictly necessary for the service to operate.
  • Tracking and Performance cookies — Third-party analytics cookies set by Google Analytics (property ID: G-KD3EFYTDS1) to help us understand how visitors use the site. These cookies collect anonymized usage data including page views, session duration, traffic sources, and device information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use advertising pixels or remarketing tools.

11. Children’s Privacy

Our service is not directed at anyone under the age of 16, and we do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 16, we will take steps to delete that information as promptly as possible. If you believe that a minor has provided us with personal data, please contact us at security@coderifts.com.

12. GitHub and OpenAPI Data

When you connect your GitHub repositories to CodeRifts (via the GitHub App, GitHub Actions, or any other integration), we process the following data solely to provide the service:

  • OpenAPI schema files — We read and compare schema files (e.g., openapi.yaml, swagger.json) from the base and head branches of pull requests to detect breaking changes, calculate risk scores, and generate governance reports.
  • Webhook event data — We receive webhook payloads from GitHub containing pull request metadata (PR number, branch names, commit SHAs, repository identifiers) to trigger and contextualize the analysis.

We do not store or use schema contents for any purpose other than analysis within the user’s own account. Schema content is processed in memory and discarded after the analysis completes. We do not train models on your data, share schema contents with third parties, or retain them beyond the processing window.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Continued use of the service after changes constitutes acceptance.

14. Contact

For privacy-related inquiries: