Privacy

Last updated: 2026-04-29 — placeholder. Final policy ships with v1.0 launch and will be reviewed by counsel.

What we collect

• Account email + name (Clerk auth, EU)
• Scan input (URL, repo URL, commit SHA, diff)
• Detection output (DOM analysis only — no PII from scanned sites)
• Anonymous product analytics via self-hosted PostHog (analytics.blamer.ai, hosted in EU)

What we don't collect

• End-user PII from sites you scan
• Source code outside the lines flagged by detection rules
• Third-party trackers or ad networks

Where it lives

All scan data + analytics in the EU (eu-north-1 / Hetzner FSN1). Retention default 30 days; Enterprise tier 7 years for EU AI Act audit-trail.

Questions: privacy@blamer.ai.