Privacy Policy
This Privacy Policy describes how Lintora ("we", "us", or "our") collects, uses, and shares information when you use the website and related services at lintora.dev (together, the "Service"). We designed this policy to be readable and aligned with common expectations for developer tools that use third-party sign-in (Google and GitHub) and Supabase Auth.
1. Who this applies to
This policy applies to visitors of our marketing pages and to users who create or access an account through the Service, including when you authenticate with Google, GitHub, or other methods we enable from time to time.
2. Information we collect
Depending on how you use the Service, we may process:
- Account and profile information. When you sign in with Google or GitHub, we receive identifiers and profile details that those providers share with our authentication backend (for example, email address, display name, and profile image URL). We do not ask you to create a separate Lintora password for those flows.
- Authentication session data. Our Service uses Supabase Auth to issue and refresh your session. Technical tokens or cookies may be stored on your device so you can stay signed in and complete secure redirects (including PKCE-related values where applicable).
- Product usage and feedback. If you submit feedback, run scans, or use CLI-linked flows, we may process the content you choose to send (for example, repository metadata you approve, scan summaries, or messages you type) in order to operate and improve the Service.
- Technical and security data. Like most websites, we and our hosting providers may process IP address, device and browser type, timestamps, and diagnostic logs for reliability, abuse prevention, and security.
3. How we use information
We use the information above to:
- Provide, maintain, and secure the Service (including sign-in, sessions, and support).
- Operate features you request (for example, linking a CLI report to your account when you use that flow).
- Detect, investigate, and help prevent fraud, abuse, or technical issues.
- Comply with law and enforce our Terms of Service.
- Improve the Service in aggregated or de-identified form where appropriate.
4. Legal bases (EEA, UK, and similar regions)
Where GDPR-style laws apply, we rely on appropriate bases such as: performance of a contract with you (providing the Service you request); legitimate interests (security, product improvement, and internal operations), balanced against your rights; consent where required (for example, for certain cookies or marketing, if we offer them and you opt in); and legal obligations.
5. Sharing and subprocessors
We share information with service providers that help us run the Service, including:
- Supabase for authentication, database, and related infrastructure you trigger by using the Service. Supabase processes data under their terms and privacy policy.
- Google and GitHub when you choose those sign-in methods. Their use of data is governed by your relationship with them and their respective policies.
- Hosting and analytics providers (for example, deployment platforms) as needed to deliver the site and understand reliability.
We do not sell your personal information as "sale" is defined under U.S. state privacy laws. We do not share personal information with third parties for their independent marketing unless you clearly opt in.
6. International transfers
We and our providers may process information in countries other than where you live, including the United States and the region where your Supabase project is hosted. Where required, we use appropriate safeguards such as standard contractual clauses.
7. Retention
We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Some technical logs may be kept for a limited period for security and debugging.
8. Your choices and rights
Depending on your location, you may have rights to:
- Access, correct, or delete certain personal information we hold.
- Object to or restrict certain processing, or withdraw consent where processing is consent-based.
- Port your data where applicable.
- Lodge a complaint with a supervisory authority.
To exercise rights, contact us using the email address below. You can also revoke Lintora's access from your Google or GitHub account settings (that affects future sign-in through that provider but may not delete data we already hold; contact us for account deletion requests).
9. Children
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps to delete it.
10. Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage you to use unique provider accounts and protect your devices.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. If changes are material, we will provide additional notice as required by law.
12. Contact
Questions about this policy or your data: privacy@lintora.dev. We use this channel for privacy requests and data protection inquiries.