Privacy PolicyEffective 2026-04-28
Novingly

Privacy Policy

This Privacy Policy explains what data Novingly collects when you use novingly.com, why we collect it, how long we keep it, and how you can delete it.

Short version: we collect as little as we can. We do not sell your data. You can delete it any time.

1. What we collect

Scan inputs: the public GitHub URL you submit. We use this to fetch files via the public GitHub API.

Scan outputs: the resulting report (file paths, line numbers, code snippets, finding categories, severity, score). These are stored to power the public leaderboard and shareable report URLs.

Account data (only if you sign up for a paid tier or waitlist): your email address, the product you purchased, and payment metadata returned by our payment processor (we do not store full card numbers).

Usage analytics: aggregated, pseudonymous page analytics via PostHog. Page views, click events, referrer, rough geography from IP, browser type. We do not link analytics events to your email address.

2. What we don't collect

  • We do not store the raw source code of repositories we scan beyond the snippet shown in each finding.
  • We do not access private GitHub repositories.
  • We do not store credit card numbers; payment processing is handled by a PCI-compliant third party.
  • We do not sell, rent, or trade personal data.

3. Cookies and tracking

We use a small number of first-party cookies for session state and preferences, plus PostHog analytics for product usage data. We do not use third-party advertising trackers. You can block cookies in your browser without losing core functionality.

4. How long we keep it

  • Scan reports: retained indefinitely as part of the public leaderboard, unless you request removal.
  • Account data: retained while your account is active, plus 30 days after deletion to comply with payment-record requirements.
  • Analytics: retained for 12 months in aggregated form.

5. Your rights

You can:

  • Request a copy of all data we hold about you.
  • Request deletion of your account and personal data.
  • Request that a specific scan report be removed from the public leaderboard (we’ll do this on request from a verified maintainer of the scanned repository).
  • Opt out of analytics by enabling Do Not Track in your browser or using a content blocker.

To exercise any of these rights, email privacy@novingly.com. We respond within 30 days.

6. Third parties we share with

  • Vercel — site hosting.
  • Supabase — database and authentication.
  • PostHog — product analytics.
  • Resend — transactional email delivery.
  • Anthropic — LLM provider for the semantic-analysis layer; receives the SKILL.md and a single handler file per scan and returns a structured finding.
  • Payment processor — merchant of record disclosed at checkout when you make a paid purchase.

7. Children

The Service is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, email privacy@novingly.com and we will delete it.

8. Changes

We may update this Policy. The current version will always be at this URL with an “effective” date at the top.

Questions? Email privacy@novingly.com.