Privacy Policy
Last Updated: June 1, 2026
At DepGraph, we take your privacy seriously. This policy describes how we collect, use, and protect your information when you use our CLI, GitHub Action, and Dashboard.
1. Information We Collect
We only collect the information necessary to provide our services:
- Account Information: Name, email address, and GitHub username when you sign in via OAuth.
- Repository Data: We read your
package.jsonand lockfiles to compute health scores. We do not store or clone your source code. - Usage Data: Basic telemetry (e.g., CLI invocations, dashboard page views) collected via PostHog to help us improve the product.
2. How We Use Your Information
We use your data solely for the following purposes:
- To provide, maintain, and improve the DepGraph service.
- To process your payments and manage your subscription.
- To send you important alerts, such as critical CVE notifications or weekly digests.
3. Data Sharing
We will never sell your data to third parties. We only share data with trusted infrastructure partners (e.g., Vercel, Supabase, Razorpay) strictly necessary for operating the service.
4. Security
We implement industry-standard security measures. Your GitHub OAuth tokens are securely encrypted at rest. Our API endpoints require authentication and are rate-limited to prevent abuse.
5. Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@depgraph.vedanshh.dev.