Data Handling

Last updated: January 7, 2026

A short summary of how SecAlly handles code and data. For details, see our Privacy Policy.

• GitHub access: Only the organizations and repositories you grant access to. We read repo metadata, diffs, issues, comments, and the minimum code/config needed to scan.
• AI transmission: We send selected snippets and the minimum context needed to interpret them.
• Code retention: We do not store your code. Code is processed in transit during scans only.
• Data retention: We keep account and scan results while your account is active and as needed to provide the service. Backups and logs may retain data for a limited period after deletion.
• Not used to train: We configure AI providers so data sent through SecAlly is not used to train AI models where those options exist. We do not use the source code to train AI models.
• Remove access: Uninstall the SecAlly GitHub App, revoke OAuth access in GitHub, or email support@secally.com to request data deletion.