Privacy Policy

Last Updated: January 2025

Introduction

Anchorpipe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Information You Provide

• Account Information: Email address, GitHub username, display name
• Repository Access: GitHub repositories you connect to Anchorpipe
• Preferences: Telemetry and notification preferences
• Support Communications: Information you provide when contacting support

Information Automatically Collected

• Usage Data: Test results, CI/CD run data, repository metadata
• Technical Data: IP address, browser type, device information
• Cookies and Tracking: Session cookies for authentication

Information from Third Parties

• GitHub: User profile, repository access, OAuth tokens (with your consent)

How We Use Your Information

We use the information we collect to:

• Provide Services: Process and analyze test results, generate insights
• Authentication: Manage user accounts and access control
• Communication: Send notifications, updates, and support responses
• Improvement: Analyze usage patterns to improve our service
• Compliance: Meet legal obligations and enforce our terms

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: Third-party vendors who assist in operating our service (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice)
• With Your Consent: When you explicitly authorize sharing

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data redacted within 30 days of deletion request
• Test Results: Retained for 30 days (configurable)
• Audit Logs: Retained for 2 years for compliance purposes
• Aggregated Data: Retained for up to 2 years for analytics

See our Retention Policy for detailed retention periods.

Your Rights (GDPR/CCPA)

You have the following rights regarding your personal information:

Access and Portability

• Right to Access: Request a copy of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format

Correction and Deletion

• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")

Restriction and Objection

• Right to Restriction: Limit how we process your data
• Right to Object: Object to processing based on legitimate interests

Withdrawal of Consent

• Right to Withdraw Consent: Withdraw consent for data processing at any time

How to Exercise Your Rights

1. Via Account Settings: Use the Privacy section in your account settings (/account/privacy)
2. Data Export: Click "Export My Data" to download your personal data
3. Data Deletion: Submit a deletion request with optional reason
4. Contact Us: Email privacy@anchorpipe.dev for assistance

We will respond to your request within 30 days (as required by GDPR).

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: AES-256 encryption at rest, TLS 1.2+ in transit
• Access Controls: Role-based access control (RBAC) and authentication
• Audit Logging: Comprehensive audit trails for sensitive operations
• Regular Security Audits: CodeQL, Dependabot, and Snyk scanning
• Incident Response: Security incident response plan in place

See our Security Policy for details.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses: EU-approved data transfer mechanisms
• Adequacy Decisions: Transfers to countries with adequate data protection laws
• Data Processing Agreement: See our DPA for details

Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Session management and security
• Preferences: Remembering your settings
• Analytics: Understanding usage patterns (with your consent)

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email: Sending a notice to your registered email address
• Website: Posting a prominent notice on our website
• Version Date: Updating the "Last Updated" date at the top

Your continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: privacy@anchorpipe.dev
• Security Issues: security@anchorpipe.dev (see SECURITY.md)
• Data Protection Officer: dpo@anchorpipe.dev

Compliance

This Privacy Policy is designed to comply with:

• GDPR (General Data Protection Regulation) - EU/EEA
• CCPA (California Consumer Privacy Act) - California, USA
• Other Applicable Laws: As required by your jurisdiction

Additional Resources

• Data Subject Request Workflows - How to submit DSR requests
• Retention Policy - Detailed data retention periods
• Data Processing Agreement - DPA for enterprise customers
• Security Policy - Security practices and vulnerability reporting

---

Effective Date: January 2025
Version: 1.0