.breeze

Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, use, and protect your data when you use .breeze.

1. Controller

The controller responsible for data processing on this website is:

[TODO: Company name]

[TODO: Street address, Postal code, City, Country]

Email: [TODO: Email address]

2. Data We Collect

2.1 Account Data

When you create an account via GitHub OAuth, we collect:

Name, Email address, Profile image (from GitHub)

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of a contract.

2.2 Session Data

When you log in, we collect:

IP address, User agent (browser/device information)

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in securing our service and preventing unauthorized access.

2.3 Payment Data

When you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We store only your Stripe customer ID and subscription status. We do not store credit card numbers or bank account details.

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of a contract.

2.4 Analysis Data

When you upload a package.json file for analysis, we process dependency names, versions, license information, and vulnerability data. This data is stored in association with your account.

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of a contract.

2.5 API Keys

If you create API keys, we store a hashed version of the key along with a name and usage metadata. The original key is shown once and not stored.

Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of a contract.

3. Cookies

We use only technically necessary cookies:

  • Session cookie — required for authentication (set by our auth system, HttpOnly, expires with your session)
  • Locale cookie ("breeze-locale") — stores your language preference (1-year duration, SameSite: Lax)

Since we use only technically necessary cookies, no consent banner is required under TTDSG § 25(2).

4. Third-Party Services

4.1 Stripe (Payment Processing)

We use Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. When you initiate a payment, your name, email, and payment details are shared with Stripe. Stripe processes this data as an independent controller.

Stripe's Privacy Policy: https://stripe.com/privacy

4.2 GitHub (Authentication)

We use GitHub OAuth for authentication. When you sign in, GitHub shares your name, email address, and profile image with us. GitHub processes authentication data as an independent controller.

GitHub's Privacy Statement: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

5. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Specifically:

  • Account data: retained until you delete your account
  • Session data: retained for the duration of the session, then deleted
  • Analysis data: retained until you delete the analysis or your account
  • Payment records: retained as required by tax law (typically 10 years in Germany pursuant to § 147 AO)

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — download a copy of your personal data from your account page
  • Right to rectification (Art. 16 GDPR) — you can request correction of inaccurate data
  • Right to erasure (Art. 17 GDPR) — you can request deletion of your data
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR) — export your data as a machine-readable JSON file from your account page
  • Right to object (Art. 21 GDPR) — you can object to processing based on legitimate interest
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your right of access or data portability, use the "Download my data" button on your account page. For all other requests, contact us at: [TODO: Email address]

Competent supervisory authority: [TODO: Name and address of your state data protection authority]

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Password and API key hashing
  • Two-factor authentication (TOTP) option for user accounts
  • Access controls and role-based permissions

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date.