GeekWala Privacy Policy | GeekWala

How We Handle Your Data

How we collect, use, and protect your information.

Last updated: January 30, 2026

This Privacy Policy explains how GeekWala collects, uses, and shares information when you use our services. We do not sell your personal information.

GeekWala is operated by GeekWala, a Texas-based sole proprietorship.

1. Information We Collect

  • Account data: name, email, password hash, and account settings.
  • Billing data: subscription status and transaction metadata from Stripe. We do not store full payment card numbers.
  • Product data: projects, package names and versions, scan results, notifications, and API token metadata.
  • Usage data: logs and device information such as IP address, timestamps, browser type, and pages viewed.
  • Integrations: if you connect GitHub or Google, we receive profile data and access tokens needed to perform the integration.
  • Support communications: messages sent through the contact form or email.

We do not store application source code. Dependency manifests are processed to extract package metadata needed for scanning.

Anonymous scans are processed without creating an account. Scan results are stored in your session and may not persist after the session ends. Authenticated scans are stored to power dashboards, alerts, and exports.

2. How We Use Information

  • Provide, operate, and improve the service.
  • Run scans, generate results, and send notifications.
  • Process billing and manage subscriptions.
  • Detect and prevent fraud, abuse, and security incidents.
  • Analyze usage to improve performance and user experience.
  • Comply with legal obligations and enforce our terms.

3. Sharing and Disclosure

We share information only as needed to provide the service, including with:

  • Vulnerability data providers: package names and versions are sent to OSV to perform scans.
  • Payment processing: Stripe for subscription billing.
  • Email delivery: providers such as Postmark, Resend, or Amazon SES.
  • Analytics and monitoring: Google Analytics (if enabled) and Sentry for error monitoring.
  • Authentication: Google or GitHub OAuth when you choose to connect those accounts.
  • Webhooks and Slack: scan event payloads sent to endpoints you configure, including Slack webhooks.

We may also disclose information if required by law, to protect our users, or to enforce our agreements. We do not sell personal information and we do not use personal data for targeted advertising.

Our subprocessors may change over time. We may add, replace, or remove providers to improve reliability or features, and we will update this policy as needed.

We do not share source code, secrets, or credentials with third parties, except for the limited metadata needed to perform scans or when you direct us to send data to your own integrations.

3.1 Subprocessors

We use trusted third-party subprocessors to deliver the service. These may change over time. Current subprocessors include the following:

Subprocessors that may receive personal data

  • Stripe (billing and payments)
  • Sentry (error monitoring)
  • Google Analytics (usage analytics, if enabled)
  • Postmark / Resend / Amazon SES (transactional email delivery)
  • Google / GitHub (OAuth authentication, if connected)
  • Slack (webhook notifications, if configured)

Public data sources (do not receive personal data)

  • OSV (vulnerability data lookups)
  • FIRST.org EPSS (exploit prediction scores)
  • CISA KEV Catalog (known exploited vulnerabilities)

We will update this list as providers change and make reasonable efforts to keep it current. If we add or replace a subprocessor that handles personal data, we will update this policy before the new subprocessor begins processing. You can review the "Last updated" date at the top of this page to track changes.

4. Cookies and Analytics

We use essential cookies for authentication and security, and analytics cookies to understand site usage. You can control analytics consent through the cookie banner.

Cookie retention periods

  • Session cookie: expires when you close your browser, or after 2 hours of inactivity.
  • Remember-me cookie: up to 30 days (if you select "Remember me" at login).
  • CSRF token: expires with your session.
  • Cookie consent preference: up to 1 year.
  • Analytics cookies (Google Analytics): up to 2 years, if enabled.

5. Data Retention

We retain data for as long as needed to provide the service and meet legal obligations. Scan history retention depends on your plan (for example, 30 days for Free and 1 year for Pro). Deleted data may persist in backups for a limited period.

6. Security

We use administrative, technical, and organizational safeguards to protect your information. No method of transmission or storage is 100 percent secure.

7. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or export your data, and to object to certain processing. You can manage notifications and account data in your settings or by contacting us.

You may request account deletion by emailing support@geekwala.com. We will make a best effort to delete your data within 30 days, subject to legal or operational retention requirements (for example, billing records and backups).

8. GDPR (EEA/UK) Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, GeekWala is the data controller for your personal data. You may have rights to access, correct, delete, restrict, or object to our processing, to receive a portable copy of your data, and to withdraw consent where processing is based on consent. You can also lodge a complaint with your local supervisory authority.

To exercise these rights, contact us at support@geekwala.com.

9. Legal Bases for Processing (GDPR)

We process personal data based on contractual necessity (providing the service), legitimate interests (security, fraud prevention, and service improvement), legal obligations, and consent where required.

10. International Transfers

If you access GeekWala from outside the United States, your information may be processed in the United States or other countries where we and our providers operate.

11. Children

GeekWala is not intended for individuals who are under the age of majority in their jurisdiction. We do not knowingly collect personal information from minors.

12. Changes

We may update this policy from time to time. Continued use of the service after changes become effective means you accept the updated policy.

13. Contact

Questions about privacy can be sent to support@geekwala.com.