Last updated: March 2026

Privacy Policy

This policy explains what data Driftlog collects, why we collect it, and what we do with it. We believe you should not need a law degree to understand how your data is handled.

What we collect

When you sign up, we collect your email address and a hashed version of your password. If you sign in via GitHub, we receive your GitHub user ID, username, and email from the OAuth flow. We also collect metadata about your repositories including names, default branches, and visibility settings. When Driftlog runs an analysis, we store violation metadata: file paths, line numbers, rule identifiers, severity levels, and timestamps. We do not store your source code.

How we use your data

We use your data to operate the service: authenticating you, running analyses, displaying results, and sending notifications you have opted into. We also use aggregated, anonymized data to improve the product, such as understanding which rules are most commonly triggered. We do not sell your data. We do not use your data for advertising. We do not train machine learning models on your code or violation data.

Third-party services

We use the following third-party services to operate Driftlog: Vercel for hosting, Neon for database hosting, Paystack for payment processing, and Postmark for transactional email. Each of these services has their own privacy policy. We only share the minimum data required for each service to function.

Cookies

Driftlog uses a single HTTP-only session cookie for authentication. We do not use tracking cookies, analytics cookies, or any third-party cookie-based tracking. There is no cookie banner because there is nothing to consent to beyond what is strictly necessary.

Data retention

We retain your data for as long as your account is active. If you delete your account, all your data is permanently deleted within 30 days. Backups that contain your data are rotated and fully purged within 90 days of account deletion.

Your rights

You can export your data at any time from the dashboard. You can delete your account and all associated data at any time. If you are in the EU, you have additional rights under GDPR including the right to access, rectification, and erasure. Contact privacy@driftlog.dev for any data-related requests.

Changes to this policy

If we make meaningful changes to this policy, we will notify you via email at least 30 days before the changes take effect. Minor clarifications or formatting changes may be made without notice.