ProductIntegrationsPricingFeedback

Privacy Policy

Effective date: April 8, 2026

1. Information We Collect

When you use Ceraph, we collect information necessary to provide the service:

  • GitHub account information (username, email, organization membership) via GitHub OAuth
  • Repository metadata and code structure (analyzed for test generation, never stored raw)
  • Chat platform identifiers (Slack, Discord, or Google Chat user IDs for message delivery)
  • Payment information (processed by Stripe — we never see or store card numbers)
  • Usage data (browser actions consumed, test runs executed)

2. How We Use Your Information

We use collected information to:

  • Analyze your codebase to build application graphs and generate test plans
  • Execute visual tests against your preview deployments
  • Deliver test results via PR comments and chat notifications
  • Manage your subscription and enforce usage limits
  • Improve the service based on aggregate usage patterns

3. Data Storage and Security

Application graphs and test metadata are stored on our servers (Supabase/PostgreSQL). Source code is analyzed transiently and not persisted — we fetch files via the GitHub API, analyze them in memory, and discard the raw content after graph generation.

Screenshots and recordings captured during test runs are stored in cloud object storage (Cloudflare R2) and linked from your PR comments. These artifacts are associated with your repository and PR number.

Chat platform tokens are encrypted at rest using AES-256-GCM when encryption keys are configured.

4. Third-Party Services

We use the following third-party services to operate Ceraph:

  • GitHub — OAuth authentication, repository access, PR integration
  • Stripe — payment processing and subscription management
  • Supabase — database hosting
  • Cloudflare R2 — artifact storage (screenshots, recordings)
  • Resend — transactional email delivery
  • Slack, Discord, Google Chat — chat notification delivery

5. Data Retention

Application graphs are retained as long as your project is active and updated on each PR merge. Test artifacts (screenshots, recordings) are retained for 90 days. Account data is retained until you delete your account or uninstall the GitHub App.

6. Your Rights

You can:

  • Access your data through the Ceraph dashboard and API
  • Delete your account by uninstalling the GitHub App and contacting us
  • Request a copy of your stored data by emailing us
  • Opt out of non-essential communications at any time

7. Contact

For privacy-related questions, contact us at privacy@ceraph.dev.