This policy explains, in plain language, what SupplyGuard stores, why it stores it, and what we try hard not to keep.
We collect the account details needed to let you sign in, connect GitHub, configure Slack, and use the dashboard.
We also store the dependency inventory, findings, installation details, and configuration data required to run the product for your workspace.
SupplyGuard is built to monitor dependency risk, not to become a copy of your codebase.
We do not position the product as a source-code warehouse. The product is meant to keep the security signal you need, while avoiding unnecessary code retention.
We use your data to show repo coverage, identify package risk, send alerts, troubleshoot the service, and protect the platform.
We do not sell customer data. We do not use your workspace data for advertising.
Data is shared with the infrastructure and integration providers required to run the product, such as hosting, database, queueing, GitHub, and Slack.
Those providers process data only as needed to deliver the service.
We keep data for as long as it is needed to operate your workspace, meet legal obligations, resolve disputes, and protect the service.
If you disconnect integrations or request deletion, we will remove data within a reasonable operational window unless we are required to keep some portion by law or for abuse prevention.
You can disconnect integrations, rotate secrets, and ask us to delete workspace data.
If you need help with access, correction, or deletion, contact the team listed below.
For privacy questions or deletion requests, contact tasavour@beneathatree.com.
