Legal

Terms & Data Usage

What data we access

When you connect your GitHub account, ShipSafe requests read-only access to your repository contents via the GitHub API. We fetch source code files temporarily to run our security scan. We do not request write access to your repositories.

We never store your source code

Your source code is streamed through our scanner and discarded immediately after analysis. We do not save, copy, or cache your code on our servers. The only data we persist are the scan results: finding categories, severity levels, file paths, line numbers, and your safety score.

Scan results

Scan results (safety score, finding counts, vulnerability details) are stored in our database so you can view them from your dashboard. Scan result pages are accessible via their unique URL. If you embed a ShipSafe badge, your grade (A–F) is publicly visible.

Authentication

We use GitHub OAuth for authentication. We store your GitHub user ID, username, and email to identify your account. We do not store your GitHub password or OAuth tokens beyond what is needed for active sessions.

Third-party services

ShipSafe uses Supabase for database and authentication, Vercel for hosting, and Umami for privacy-friendly analytics (no cookies, no personal data). We do not sell or share your data with advertisers or data brokers.

Data deletion

You can request deletion of your account and all associated scan data at any time by contacting us at nick@getshipsafe.com. We will process deletion requests within 30 days.

Contact

Questions about how we handle your data? Reach out at nick@getshipsafe.com.

Last updated: March 2026