SecuGo
Privacy Policy

Your data, clearly explained.

Last updated: May 2026

What we collect

When you sign in with GitHub, we receive your GitHub username, public email address, and the OAuth access token required to read your repositories. We store your email and user ID in our database to associate your scan results with your account. We do not collect your password, payment information (paid plans are not yet live), or any personal data beyond what GitHub provides during OAuth.

How we use your data

Your GitHub token is used exclusively to fetch repository file contents for security scanning. Scan results — including file names, line numbers, and vulnerability descriptions — are stored in our database and associated with your account so you can review them later. We use Google Gemini to perform AI-powered analysis of code snippets. Snippets are sent to Gemini's API over an encrypted connection and are not used to train models under our current API agreement.

What we do not do

We do not sell your data. We do not share your repository contents or scan results with third parties except as required to operate the service (Supabase for storage, Google Gemini for AI analysis, Resend for email delivery). We do not store your GitHub access token persistently — it lives only in your encrypted session and is discarded when you sign out.

Data retention

Scan results and vulnerability findings are retained for as long as you have an active account. You may delete your account and all associated data at any time by contacting us at privacy@secugo.dev. We will action deletion requests within 30 days.

Cookies

SecuGo uses a single session cookie managed by Supabase Auth to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. No cookie consent banner is shown because we only set strictly necessary cookies.

Third-party services

We use Supabase (database and authentication), Google Gemini (AI analysis), and Resend (transactional email). Each of these services has its own privacy policy. We do not use any advertising or social tracking SDKs.

Contact

Questions about this policy? Email us at privacy@secugo.dev. We will respond within 5 business days.