Vigil

Privacy Policy

Last updated: March 2026

Overview

Vigil ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your data.

Data We Collect

Account Information

  • Email address (for authentication and communication)
  • Name (from GitHub profile)
  • Organization name

GitHub Repository Metadata

  • Repository names and IDs
  • Commit metadata (hash, author, timestamp, message)
  • Pull request metadata (number, title, author, status)
  • Code review information (reviewer, approval status)
  • Branch protection configurations

We never store your source code or file contents.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe may collect payment details in accordance with their privacy policy.

How We Use Your Data

  • Generate compliance evidence reports from your GitHub activity
  • Map repository metadata to compliance framework controls
  • Send transactional emails (verification, export completion)
  • Process subscription payments
  • Improve our service and fix issues

Data Security

  • All data is encrypted in transit (TLS 1.3)
  • Data at rest is encrypted
  • GitHub tokens are securely stored and encrypted
  • We use Supabase for database hosting with enterprise-grade security
  • Regular security reviews and updates

Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your data within 30 days, except where required by law.

Third-Party Services

  • GitHub - Repository data access (via OAuth)
  • Stripe - Payment processing
  • Supabase - Database hosting
  • Vercel - Application hosting
  • Resend - Transactional email

Your Rights

You have the right to:

  • Access your data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data
  • Revoke GitHub access at any time

Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email.

Contact

For privacy-related questions, open an issue on GitHub.

← Back to home