Privacy Policy — ContextGraph

What we collect

When you sign in with GitHub, we receive your GitHub username, display name, avatar, email address, and an OAuth access token. We store these to identify you across sessions.

When you analyze a repository, we fetch the file tree and a sample of source files needed to build the dependency graph. We do not permanently store the raw contents of your source files. The graph structure and AI-generated summaries are stored so you can revisit them.

GitHub profile info (username, name, avatar, email)
Repository metadata (name, description, language, stars)
Graph data derived from analysis (module names, dependency links)
AI-generated summaries tied to repos you've analyzed
Usage logs (which repos were analyzed, when)

What we don't collect

We do not store raw source code. We fetch files, process them in memory to build the graph, and then they're gone. If you delete your account, we delete your graph data within 30 days.

How we use your data

Your data is used to provide the ContextGraph service, improve analysis quality, enforce usage limits, and send product updates if you've opted in. We don't build ad profiles, we don't sell to data brokers, and we don't share your data with third parties except the infrastructure providers listed below.

Third-party services

Vercel — hosting and serverless compute.
GitHub OAuth — authentication. Your GitHub credentials stay with GitHub.
OpenAI — AI summaries generated by sending module names and dependency structure (not raw source code) to OpenAI's API.

Cookies

We use a single session cookie (cg_user) to keep you signed in. It expires after 30 days. We don't use tracking or analytics cookies.

Your rights

You can delete your account and all associated data at any time. To exercise these rights, reach out at @contextgraphart or the contact page.

Changes

If we make significant changes, we'll post a notice on the site. Your continued use after a change means you accept the updated policy.