Privacy Policy

Last updated: December 2025

1. Introduction

Rukia ("we", "our", or "us") is a security vulnerability scanning platform for Next.js and TypeScript applications. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

GitHub Account Data

When you authenticate with GitHub OAuth, we collect your GitHub username, email address, and avatar URL. We also store your GitHub installation ID to access repositories you've granted permission to.

Repository Access

We access your repository code solely for the purpose of security scanning. We use read-only access and do not modify your code. Code is analyzed in memory and not permanently stored.

Scan Results

We store vulnerability scan results, including file paths, line numbers, and code snippets where vulnerabilities are detected. This data is associated with your account and repositories.

3. How We Use Your Information

  • To perform security vulnerability scans on your repositories
  • To display scan results and security metrics in your dashboard
  • To track scan history and show security trends over time
  • To manage your token balance and usage
  • To improve our vulnerability detection algorithms

4. Data Security

We implement industry-standard security measures to protect your data. All data is encrypted in transit using TLS. We use Supabase for secure authentication and database storage. Your GitHub access tokens are stored securely and never exposed.

5. Data Retention

We retain your scan results and account data for as long as your account is active. You can request deletion of your data at any time by contacting us. Upon account deletion, all associated data will be permanently removed within 30 days.

7. Your Rights

You have the right to access, correct, or delete your personal data. You can revoke our GitHub access at any time through your GitHub settings. For data requests, contact us at privacy@rukia.dev.