1. Introduction
This Privacy Policy explains how apporig ("apporig", "we", "us", or "our") collects, uses, stores, and protects personal data when you use our source-code analysis platform at https://apporig.com (the "Service").
We process personal data in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) where it applies.
If you have questions about this Privacy Policy or your data, contact us at hello@apporig.com.
2. Data controller
The data controller responsible for your personal data is the operator of apporig (https://apporig.com).
For privacy-related requests, email hello@apporig.com. We will respond within the time limits required by applicable law.
3. Data we collect
We collect the following categories of data:
- Account data: email address, password (stored only as a cryptographic hash), workspace name, and team membership details.
- Source code and project data: files you upload (for example ZIP archives), Git repository URLs and references you provide, derived analysis results, fingerprints, similarity scores, and reports generated by the Service.
- Authentication and security data: session identifiers, refresh tokens (stored as hashes), CSRF tokens, password-reset and email-verification tokens, and optional multi-factor authentication settings.
- Usage and technical data: IP address, browser user agent, timestamps, audit logs of workspace actions, and diagnostic logs needed to operate and secure the Service.
- Communications: messages you send through contact forms or support channels.
4. How we use your data
We use personal data to:
- Provide, maintain, and improve the Service, including ingesting and analyzing source code you submit.
- Create and manage your account, workspaces, and team access.
- Authenticate users, prevent fraud and abuse, and protect the security of the Service.
- Send transactional emails such as welcome messages, email verification, password resets, and security notifications.
- Respond to support requests and communicate about the Service.
- Comply with legal obligations and enforce our Terms of Service.
5. Legal bases for processing (GDPR)
Where GDPR applies, we rely on the following legal bases:
- Performance of a contract: to provide the Service you register for and to process source code you submit for analysis.
- Legitimate interests: to secure the Service, prevent abuse, improve reliability, and maintain audit records, balanced against your rights.
- Consent: where required, for example when you opt in to non-essential communications.
- Legal obligation: where we must retain or disclose data to comply with applicable law.
6. Source code and confidential information
You remain the owner of source code and other materials you upload or connect to the Service. We process that content solely to provide analysis, comparison, reporting, and related features you request.
We treat uploaded source code as confidential business information. Access is restricted to authorized personnel and subprocessors who need it to operate the Service, subject to contractual confidentiality obligations.
You are responsible for ensuring that you have the legal right to upload or connect code and that doing so does not violate third-party rights or contractual obligations.
8. Data retention
We retain account data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements.
Source code, analysis artifacts, and reports are retained according to your workspace settings and operational requirements unless you delete them or close your account, after which we delete or anonymize data within a reasonable timeframe unless longer retention is required by law.
Security logs and consent records (including the version and timestamp of accepted legal terms) may be kept longer where necessary for security, audit, or compliance purposes.
8.1 Account deletion
You may delete your account from your personal settings. When you do, we schedule deletion of your personal workspace and any team workspaces you own, including all projects, analyses, revisions, reports, and stored source code.
If you delete your account while an active paid subscription remains, you permanently lose access to all analyses and related data. Every revision is deleted, and fees already paid for the subscription are not refunded, except where applicable law requires otherwise.
9. Security
We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, hashed credentials, and monitoring. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. International transfers
Your data may be processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to protect personal data transferred internationally.
11. Your rights
Depending on your location, you may have the right to:
- Access, rectify, or erase your personal data.
- Restrict or object to certain processing.
- Data portability, where applicable.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority.
11.1 Exercising your rights
To exercise these rights, contact us at hello@apporig.com. We may need to verify your identity before fulfilling a request.
13. Children
The Service is intended for business and professional use and is not directed to children under 16. We do not knowingly collect personal data from children.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates the current version (2026-05-26). Material changes will be communicated through the Service or by email where appropriate. Continued use after changes take effect constitutes acceptance of the updated policy, except where applicable law requires additional consent.
15. Contact
Questions about this Privacy Policy or our data practices: hello@apporig.com.