Privacy Policy

Your Privacy, Explained

Last updated: May 14, 2026

Overview

Zentra is a code analysis tool that generates production readiness reports for public GitHub repositories. This policy explains what data we collect, how we use it, and what we never do. We've written it to be readable, not to bury important details in legalese.

What we collect

Account information

When you sign in with GitHub, we receive your public GitHub username, display name, and email address. When you sign up with email, we store your email and a bcrypt-hashed password — never the plaintext password.

Analysis reports

When you run an analysis, we store the resulting report: repository name, health score, issue titles, file paths, line numbers, descriptions, and suggested fixes. We do not store the actual source code of the repository.

Usage data

We track the number of analyses you run per month to enforce plan limits. We do not track page views, clicks, or session behaviour beyond what is necessary for the application to function.

What we never do

  • We never request GitHub OAuth scopes that grant repository access. Our scope is limited to read:user and user:email.
  • We never store your source code. Repository files are fetched, analysed in memory, and immediately discarded.
  • We never sell, rent, or share your data with third parties for advertising or marketing purposes.
  • We never analyse private repositories. Only public repositories accessible via the GitHub public API are supported.
  • We never make your analysis reports visible to other users. Reports are private to your account.

GitHub OAuth

If you sign in with GitHub, we request only the read:user and user:email scopes. These allow us to identify you and associate reports with your account. They do not grant access to any repository, organisation, or code. You can verify this in the GitHub OAuth scopes reference. You can revoke our access at any time from your GitHub Authorized OAuth Apps settings.

How we use your data

Your account information is used solely to authenticate you and associate your reports with your account. Analysis reports are stored so you can view your history. We use the Claude AI API (Anthropic) to enhance analysis findings — repository file content is sent to Anthropic's API during analysis and is not retained by Anthropic beyond the duration of the API request, per their usage policies.

Data retention

Analysis reports are retained for as long as your account is active. If you delete your account, all associated reports and personal data are permanently deleted within 30 days.

Security

Passwords are hashed using bcrypt before storage. GitHub access tokens, if stored, are encrypted at rest. All data is transmitted over HTTPS. We do not log or persist repository source code at any point in the analysis pipeline.

Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top and, where appropriate, notify users by email. Continued use of Zentra after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this policy or want to request deletion of your data, open an issue on our GitHub repository.