Legal

Privacy Policy

Last updated: March 2026

Overview

CodebaseAtlas is a developer tool that analyzes public GitHub repositories. We are committed to being transparent about what data we collect and how it is used. The short version: we collect almost nothing, and what little we do collect is not linked to your identity.

What we collect

  • Repository URLs — when you submit a GitHub URL for analysis, that URL is sent to our backend and passed to the GitHub API to fetch the repository tree. It is stored in our database alongside the analysis result.
  • Job IDs and result data — analysis results are stored by a numeric job ID so you can retrieve them. Results are not linked to any user account or identifying information.
  • Standard server logs — like all web services, our hosting providers (Railway, Vercel) may collect IP addresses, request timestamps, and browser user-agent strings in standard access logs. These are not used for tracking.

What we do NOT collect

  • No user accounts, names, or email addresses
  • No cookies beyond what Next.js sets for basic functionality
  • No advertising trackers or third-party analytics SDKs
  • No private repository content — only public repositories can be analyzed

GitHub tokens (optional)

RepoScout offers an optional GitHub personal access token input to increase API rate limits. Tokens are used only for the duration of the single request and are never stored in our database or logs. They are transmitted directly to the GitHub API and discarded immediately after the request completes.

How analysis data is used

Repository URLs and analysis results are stored to allow result retrieval via the results page. We do not use this data to train AI models, share it with third parties, or use it for any commercial purpose beyond operating the service.

Analysis requests are sent to Anthropic (the maker of Claude) for processing. Anthropic's own privacy policy governs how they handle API requests. Specifically, structured repository data (file names, detected frameworks, dependency lists) is included in the prompt sent to Claude. Raw file source code is not sent.

Data retention

Analysis results may be retained indefinitely to support result retrieval by job ID. We may periodically purge old results as part of database maintenance. There is no user-facing mechanism to delete a specific result, as results are not linked to any account.

Note: If you have a specific data deletion request, contact us via the GitHub repository issue tracker.

Third-party services

  • Railway — backend hosting (Python/FastAPI)
  • Vercel — frontend hosting (Next.js)
  • Supabase — production database (Postgres)
  • Anthropic Claude API — LLM analysis
  • GitHub API / GitLab API — repository data

Each provider operates under their own privacy policies and data handling practices.

Changes to this policy

This policy may be updated over time. The “Last updated” date at the top of this page reflects when the most recent changes were made. Continued use of CodebaseAtlas after changes constitutes acceptance of the updated policy.

Questions? Open an issue on GitHub ↗