Privacy Policy

Last Updated: October 12, 2025

1. Introduction

This Privacy Policy explains how Liljeforce AB (“we,” “us,” “our”) collects, uses, and protects your personal information when you use DebugALot (the “Service”).

Company Information:

  • Company Name: Liljeforce AB
  • Registration Number: 559211-3186
  • Address: c/o Liljefors, Grundtvigsgatan 39, 16848 Bromma, Sweden
  • Legal Jurisdiction: Sweden

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

GitHub Account Information:

  • GitHub username
  • Email address
  • GitHub user ID
  • Profile information from GitHub

Repository Information:

  • Repository names and metadata
  • Repository privacy status (public/private)
  • Branch names you analyze

User Preferences:

  • Analysis preferences (manual or automatic)
  • Optional Slack webhook URL for notifications

2.2 Code and Repository Content

When you run an analysis, we temporarily access:

  • Source code files from your selected repositories
  • Repository structure and file organization
  • Code content for AI analysis

Important: We only access repositories that you explicitly add to DebugALot. We never access repositories without your permission.

3. How We Use Your Information

3.1 Provide the Service

  • Authenticate your account via GitHub
  • Access and analyze your code repositories
  • Generate security and quality insights
  • Create AI-powered recommendations and prompts
  • Store analysis results for your review

3.2 Improve the Service

  • Understand how users interact with DebugALot
  • Identify bugs and technical issues
  • Develop new features and improvements
  • Analyze aggregate usage patterns (anonymized)

3.3 Communicate With You

  • Send important Service updates
  • Respond to your support requests
  • Notify you about your analyses
  • Request feedback (during beta)

4. Third-Party Services & Data Sharing

4.1 Essential Service Providers

We share your data with the following third-party services:

GitHub (Microsoft Corporation)

  • Purpose: Authentication and repository access
  • Data Shared: Your GitHub profile, repository metadata
  • Location: United States

Supabase (Supabase Inc.)

  • Purpose: Database and authentication infrastructure
  • Data Shared: User profile, repository data, analysis results
  • Location: European Union (Frankfurt, Germany)

Anthropic (Anthropic PBC)

  • Purpose: AI-powered code analysis (Claude models)
  • Data Shared: Source code files, repository structure
  • Location: United States

Google (Alphabet Inc.)

  • Purpose: AI-powered code analysis (Gemini models)
  • Data Shared: Source code files, repository structure
  • Location: United States

4.2 Your Code is Not Used for AI Training

Critical Privacy Protection:

  • Neither Anthropic nor Google uses your code to train their AI models
  • Your code is only used to generate analysis results for you
  • AI providers process your code transiently and do not retain it
  • Analysis results are stored in our database, not with AI providers

4.3 We Do Not Sell Your Data

We never sell, rent, or trade your personal information or code to third parties for their marketing purposes.

5. Data Storage & Security

5.1 Where We Store Data

  • Database: Supabase (PostgreSQL) hosted in the European Union (Frankfurt, Germany)
  • Analysis Results: Stored as structured data in our database
  • Code: Temporarily accessed for analysis, not permanently stored

5.2 How We Protect Your Data

We implement security measures including:

  • Encryption in Transit: All data transmitted using TLS/SSL
  • Encryption at Rest: Database encryption for stored data
  • Access Controls: Row-level security policies in our database
  • Authentication: Secure OAuth authentication via GitHub
  • Secret Detection: Automatic scanning to prevent accidental exposure

5.3 Data Retention

  • Active Accounts: We retain your account data while you actively use the Service
  • Inactive Accounts: We may delete accounts inactive for 12+ months with notice
  • Deleted Accounts: Personal data is removed; some anonymized data may be retained

6. Your Rights Under GDPR

If you are a resident of the European Union or European Economic Area, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data

Right to Data Portability

Request your data in a machine-readable format

Right to Object

Object to our processing of your data

Right to Lodge a Complaint

File a complaint with your data protection authority

7. International Data Transfers

Important for EU Users:

Your data is primarily stored in the European Union (Frankfurt, Germany) via Supabase. However, when analyzing your code, we share it temporarily with AI service providers (Anthropic, Google) located in the United States. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and compliance with GDPR transfer requirements. Your code is processed transiently and not permanently stored by AI providers.

8. Children's Privacy

DebugALot is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 18, we will delete it promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the modified Privacy Policy.

10. Your Choices & Control

  • Account Management: Update or delete your account at any time
  • Repository Access: You control which repositories we can access
  • Data Deletion: Request complete account and data deletion
  • Communication: Opt out of non-essential emails

11. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contractual Necessity: To provide the Service (GDPR Art. 6(1)(b))
  • Legitimate Interest: To improve the Service and ensure security (GDPR Art. 6(1)(f))
  • Consent: For optional features (GDPR Art. 6(1)(a))
  • Legal Obligation: To comply with applicable laws (GDPR Art. 6(1)(c))

12. Contact Information

Data Controller:

Liljeforce AB
c/o Liljefors
Grundtvigsgatan 39
16848 Bromma
Sweden

Company Registration Number: 559211-3186

For Privacy & GDPR Requests:
Email: amplycom@liljeforce.com

Swedish Data Protection Authority (Datainspektionen):
https://www.datainspektionen.se/

By using DebugALot, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described.

← Back to Home