Privacy Policy
This page explains how DevSecOps Bot collects, uses, and protects information when you use our website, GitHub app, and security scanning services.
Last updated April 4, 2026
We collect information you provide directly, such as names, email addresses, organization details, support requests, and billing or onboarding details.
-
GitHub or source control account identifiers and installation metadata.
-
Repository, pull request, branch, container, and Kubernetes scan results.
-
Operational logs, audit trails, and basic product usage telemetry used to run and secure the service.
We use collected information to authenticate users, provide scans, present findings, support customers, improve product performance, and protect the service against abuse.
-
Deliver security scans, dashboards, alerts, and workflow integrations.
-
Investigate incidents, troubleshoot issues, and respond to support requests.
-
Measure service health, usage patterns, and feature adoption.
We may share data with hosting, storage, monitoring, communication, and support providers that help us operate the service.
We may also disclose information when required by law, to enforce agreements, or as part of a corporate transaction. We do not sell personal information.
We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.
Retention can vary by plan, deployment model, and customer configuration. We use administrative, technical, and organizational controls designed to protect data from unauthorized access or loss.
You can request updates to account information, ask about deletion, or manage connected GitHub permissions through your account and installation settings.
For privacy questions, contact [email protected]. If a customer contract or data processing agreement applies, that agreement controls where it conflicts with this page.