Privacy Policy

Last updated: March 2026

RiftCheck is an API contract change detection platform. We monitor your repositories for API contract changes, analyzes them for breaking changes, and notifies you before changes. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

Information We Collect

GitHub Account Information

When you sign in with GitHub, we receive your name, email address, and avatar URL via OAuth. This is used to identify your account and display your profile within the app.

Repository Metadata

We store basic repository information including repository name, primary language, and default branch. This metadata helps us configure change detection for your projects.

Code Diffs

When commits or pull requests are pushed to your connected repositories, we receive and process the code diffs. These diffs are analyzed to detect API contract changes and are not stored long-term. Only the analysis results (detected changes, severity classifications, and affected endpoints) are persisted.

Notification Preferences

We store your notification channel configurations (email addresses, Slack webhook URLs) and delivery preferences so we can alert you about detected changes.

Information We Do Not Collect

  • Full source code. We only process diffs of files that are relevant to API contracts. We do not download, store, or have access to your entire codebase.
  • Credentials, secrets, or environment variables. We do not collect, process, or store any secrets, API keys, tokens, or environment configuration from your repositories.
  • Personal data beyond GitHub profile. We do not collect any personal information beyond what GitHub provides through OAuth (name, email, avatar).

How We Use Your Data

  • Detect API contract changes across your repositories.
  • Post comments on pull requests summarizing detected changes and their severity.
  • Send notifications about breaking changes via your configured channels (email, Slack, webhooks).
  • Display analytics, change history, and repository health metrics in your dashboard.

Data Storage

Your data is stored in a Turso database (SQLite cloud). The application is hosted on Vercel. Data retention depends on your plan: Free plans retain change history for 30 days, while paid plans offer extended or unlimited retention.

Third-Party Services

RiftCheck integrates with the following third-party services to provide its functionality:

  • GitHub — Authentication via OAuth and repository access via the RiftCheck GitHub App.
  • Resend — Email delivery for notifications and weekly digest reports.
  • Polar.sh — Billing, subscription management, and payment processing.
  • Vercel — Application hosting and deployment.

Data Deletion

You can delete your account and all associated data at any time from the Settings page in your dashboard. When you delete your account, all of your data — including repository configurations, change history, notification preferences, and analytics — is permanently removed from our systems.

Contact

If you have questions about this privacy policy or how we handle your data, contact us at support@riftcheck.dev.