Privacy Policy

1. Information We Collect

ComplySync collects information necessary to provide our SOC2 compliance automation services:

• Account information (email, company name)
• GitHub repository metadata (not your source code)
• Branch protection rules and settings
• Pull request and code review metadata
• Payment information (processed by Stripe)

2. What We Don't Collect

We explicitly do NOT access or store:

• Your source code content
• Private repository file contents
• Commit diffs or code changes
• Developer personal information beyond what's in Git commits

3. How We Use Your Information

We use collected information to:

• Generate SOC2 compliance evidence reports
• Calculate your compliance score
• Send compliance alerts and notifications
• Process payments and manage subscriptions
• Improve our services

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use Supabase for secure database storage with row-level security policies. Access to production systems requires multi-factor authentication.

5. Data Retention

Compliance evidence is retained for 7 years per SOC2 requirements. Account data is retained for 30 days after account deletion. You can request immediate deletion by contacting us.

6. Third-Party Services

We use the following third-party services:

• GitHub (OAuth authentication, repository access)
• Stripe (payment processing)
• Supabase (database and authentication)
• Cloudflare (hosting and CDN)

7. Contact Us

For privacy questions or data requests, contact us at: privacy@complysync.com