Privacy Policy
The short version. Your source code is analyzed and immediately deleted — we keep your report card, not your code, and we keep it under a pseudonym, not your name. No client telemetry, no ad trackers, no selling data. One button deletes everything.
1. What we collect
- Account identity: the handle your key is issued to (your GitHub login for GitHub sign-in, or a chosen name), and your email if you contact us or it's part of your plan's billing. API keys are stored only as SHA-256 hashes.
- Report cards: scores, grades, gate outcomes, and findings (including file paths of flagged code) for the repositories you scan — stored under a pseudonymous account id derived one-way from your handle, so the stores themselves never contain your name.
- Operational data: request logs and service telemetry keyed by the same pseudonym, plus rate-limit counters by IP address for abuse protection.
- Cookies: an http-only session cookie when you log into the dashboard. No advertising or cross-site cookies.
2. What we never keep
- Your source code. Uploads are extracted to a temporary directory, scored, and deleted the moment scoring finishes — every scan, no exceptions.
- Your git history. The CLI computes git statistics locally;
.gitnever leaves your machine. - Client telemetry. The CLI phones home nothing; all measurement is server-side.
3. Plan-dependent visibility
On the Community plan, your handle is deliberately your public profile — that visibility is the price of free, and it is disclosed at signup and shown in your dashboard. Your scores remain private until you create a share link. On Vibe and Enterprise plans your identity is never displayed. Public share pages are opt-in, redacted (scores and structure only — never file paths or findings), and deletable.
4. Who processes data for us
We use a small set of infrastructure providers: Fly.io (hosting, US), GitHub (sign-in verification only — we see your public login, never your repositories), Google Workspace (email), and Honeycomb (service telemetry keyed by pseudonym, when enabled). We do not sell or rent personal information to anyone.
5. Retention and deletion
Report cards and score history are kept until you delete them. Delete my data in your dashboard permanently removes every report, score row, and share link tied to your account, immediately. The key registry retains your key's issued-to name until the key is revoked — email privacy@bench.fit and we'll remove that too. Backups age out on a short rotation.
6. Your rights
Ask us at privacy@bench.fit to access, correct, or delete the data tied to your account, wherever you live; we honor these requests without requiring a legal citation. If you are in a jurisdiction with statutory privacy rights (e.g., GDPR or CCPA), those rights apply to the data described above.
7. Security
Transport is TLS-only; API keys are stored hashed; identity is pseudonymized end to end; retention is minimal by design. No system is perfectly secure — if we learn of a breach affecting your data we will notify you at the email we have for you.
8. Children and changes
BenchFit is not directed to children under 16. We'll post any material changes to this policy here with a new effective date. See also the Terms of Service.
BenchFit← bench.fit