Privacy Policy

Last updated: December 20, 2025

1. Introduction

SourceKeep ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our git hosting service at sourcekeep.dev (the "Service").

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

SourceKeep is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at:

Email: privacy@sourcekeep.dev

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, username, and password when you create an account
  • Profile Information: Optional display name and avatar
  • Repository Data: Source code, commits, branches, tags, and other git objects you push to our service
  • SSH Keys: Public SSH keys you add for git authentication
  • OAuth Data: When you sign in with GitHub or Google, we receive your email, name, and profile picture from those services

3.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, and timestamps
  • Usage Data: Pages visited, features used, and actions taken within the Service
  • Device Information: Device type and unique device identifiers

4. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Host your repositories, authenticate your access, and deliver core functionality
  • Account Management: Create and manage your account, process authentication, and handle support requests
  • Communication: Send transactional emails (password resets, security alerts) and, with your consent, product updates
  • Security: Detect and prevent fraud, abuse, and security threats
  • Improvement: Analyze usage patterns to improve our Service
  • Legal Compliance: Comply with legal obligations and respond to lawful requests

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract: Processing necessary to provide the Service you've requested
  • Legitimate Interests: Security, fraud prevention, and service improvement
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

6. Data Sharing and Recipients

We share your data with the following categories of recipients:

6.1 Service Providers

  • Cloudflare: Hosting, CDN, and DDoS protection (USA)
  • Neon: Database hosting (USA/EU)
  • Resend: Transactional email delivery (USA)

6.2 OAuth Providers

When you use GitHub or Google sign-in, those providers may receive information that you've authenticated with our Service.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not sell your personal data.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our service providers
  • Compliance with the EU-US Data Privacy Framework where applicable

8. Data Retention

We retain your data as follows:

  • Account Data: Until you delete your account
  • Repository Data: Until you delete the repository or your account
  • Log Data: 90 days
  • Backup Data: Up to 30 days after deletion from production systems

We may retain certain data longer if required for legal compliance, dispute resolution, or enforcement of our agreements.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

9.1 GDPR Rights (EU/EEA/UK)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limited processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

9.2 CCPA Rights (California)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell personal data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@sourcekeep.dev or use the account settings in your dashboard.

10. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and security (session cookies)
  • Preference Cookies: Remember your settings (theme, language)

We do not use third-party tracking cookies or advertising cookies. We do not participate in cross-site tracking.

11. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments
  • Access controls and authentication requirements
  • Incident response procedures

12. Children's Privacy

SourceKeep is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

Users between 13 and 18 years old may use SourceKeep with the consent and supervision of a parent or legal guardian. Parents or guardians who allow minors to use the Service are responsible for:

  • Supervising the minor's use of the Service
  • Ensuring the minor understands and complies with our Terms of Service
  • All activities conducted through the minor's account
  • Any personal information the minor provides to the Service

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@sourcekeep.dev.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@sourcekeep.dev

For EU residents, you also have the right to lodge a complaint with your local data protection authority.