Privacy Policy

The pip-installed CLI runs entirely on your infrastructure. Your source code, git history, generated docs, embeddings, and the dependency graph never leave your machine. No telemetry is sent to repowise unless you explicitly opt in via REPOWISE_TELEMETRY=1.

When you bring your own LLM API key (Anthropic / OpenAI / Gemini / Ollama), the prompts and code excerpts go directly from your machine to that provider under their privacy terms — repowise is not in the path.

When you sign up for the hosted Service, we collect: account email, name, and avatar (from your OAuth provider); GitHub installation metadata (repos you grant access to); billing details (handled by our payment processor — we never see card numbers); and product telemetry (page views, feature use, error reports).

When you index a repository, we clone it onto an ephemeral compute instance, parse it into a dependency graph, mine git history, run embedding and LLM jobs against it, and store the resulting artifacts (wiki, graph, hotspots, decisions) in our database. The cloned working tree is deleted at the end of every indexing run; only the derived artifacts persist.

We use your data to: provide and improve the Service; authenticate you; bill you; send transactional email (re-index notifications, receipts); diagnose errors; and (for aggregate, non-identifying metrics) measure adoption.

We do not sell your data. We do not use your code or repository content to train any model.

Hosted Service relies on the following sub-processors:

• Supabase — primary database, auth, storage
• Modal — ephemeral indexing compute
• Railway — backend API hosting
• Vercel — frontend hosting + edge network
• LLM providers (Anthropic, OpenAI, Gemini) — only when you trigger a generation or chat
• Dodo Payments — billing and subscription management
• Sentry — error monitoring

Indexed snapshots are retained while your account is active. You can delete a repository, a workspace, or your entire account from settings. On account deletion we soft-delete with a 7-day grace period; after grace, data is purged from primary storage within 30 days and from backups within 90 days.

You may request access, export, correction, or deletion of your personal data at any time. Email privacy@repowise.dev. EU/UK residents have the rights described under GDPR/UK-GDPR including the right to lodge a complaint with a supervisory authority. California residents have CCPA rights including the right to know and the right to delete.

See our Security overview for transport encryption, encryption at rest for sensitive columns, access controls, and incident-response procedures.

We will post material changes to this policy on this page and update the “Last updated” date. Continued use after a change constitutes acceptance.

Questions or requests: privacy@repowise.dev.