Privacy Policy

Identity: When you connect GitHub, we store your GitHub ID, username and email. This is strictly to manage your scan quotas and account tier (Basic/Pro/Ultra).

Authentication: We use short-lived OAuth tokens. They are used only to access the repos you select and are never stored permanently in our database.

Scanning: To analyze your code, we send relevant files to Google's Gemini AI. We do not store your code on our servers after the scan is complete.

Payments: If you upgrade to Pro/Ultra, payment processing is handled securely by our third-party provider (Stripe). Heimdall never sees or stores your credit card details.

• No AI Training: We use Google's Enterprise API. Your code is never used to train third-party AI models.
• Product Analytics: We use Mixpanel to track usage patterns (like scan funnels) to improve Heimdall Scan. Mixpanel only runs after you click Accept on the cookie banner.
• No Data Selling: We don't sell, rent, or share your data with anyone. Ever.
• Minimal Logging: We only log technical errors to keep the tool running. We don't track your behavior or build user profiles.

GitHub OAuth handles authentication and repo access. See GitHub's Privacy Statement.

Google Gemini AI processes your repo files during each scan. See Google's Privacy Policy.

Mixpanel records anonymous product analytics after you accept cookies. See Mixpanel's Privacy Policy.

Sentry captures crash reports so we can fix bugs. Session Replay only activates after you accept cookies. See Sentry's Privacy Policy.

Here's every cookie and storage entry Heimdall Scan sets, and why. You can change your analytics choice any time by clicking Cookies in the footer.

Questions about this policy? Email us at legal@heimdallscan.com