depGraph

Privacy Policy

Last Updated: June 1, 2026

At DepGraph, we take your privacy seriously. This policy describes how we collect, use, and protect your information when you use our CLI, GitHub Action, and Dashboard.

1. Information We Collect

We only collect the information necessary to provide our services:

  • Account Information: Name, email address, and GitHub username when you sign in via OAuth.
  • Repository Data: We read your package.json and lockfiles to compute health scores. We do not store or clone your source code.
  • Usage Data: Basic telemetry (e.g., CLI invocations, dashboard page views) collected via PostHog to help us improve the product.

2. How We Use Your Information

We use your data solely for the following purposes:

  • To provide, maintain, and improve the DepGraph service.
  • To process your payments and manage your subscription.
  • To send you important alerts, such as critical CVE notifications or weekly digests.

3. Data Sharing

We will never sell your data to third parties. We only share data with trusted infrastructure partners (e.g., Vercel, Supabase, Razorpay) strictly necessary for operating the service.

4. Security

We implement industry-standard security measures. Your GitHub OAuth tokens are securely encrypted at rest. Our API endpoints require authentication and are rate-limited to prevent abuse.

5. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@depgraph.vedanshh.dev.