Privacy Policy

1. Data Controller

Controller: SentraFlow

Email: contact@sentraflow.com

2. Types of data collected

2.1 Identification data

• Username
• Email associated with account

2.2 Technical data

• IP address
• Browser information (User-Agent)
• Connection timestamps
• Application operation logs

2.3 Source code data

• Repository metadata: names, descriptions, languages used
• Code content: for analysis only (read-only access)
• Analysis results: generated by AI

⚠️ Important: We only access repositories you explicitly authorize.

3. Processing purposes

Your data is processed for:

3.1 Main purposes

• Authentication via GitHub OAuth
• Code analysis by artificial intelligence
• Storage of results for later consultation

3.2 Secondary purposes

• Technical support in case of issues
• Security and abuse prevention

4. Legal basis for processing

• Contract execution: providing analysis service (ToU)
• Consent: for access to GitHub data
• Legitimate interest: service improvement and security

5. Data recipients

5.1 Third-party services used

• GitHub: for authentication and repository access
• GroqCloud: for AI analysis (your code is processed temporarily)
• Supabase: for secure storage of results
• Vercel: for application hosting

5.2 International transfers

• United States: GroqCloud, GitHub, Vercel (protected by adequate safeguards)
• European Union: Supabase (data stored in EU)

All transfers are secure and GDPR compliant.

6. Data retention period

• Authentication data: deleted upon final disconnection
• Analysis results: kept as long as your account is active

7. Your rights (GDPR)

You have the following rights:

7.1 Right of access

You can request what data we hold about you.

7.2 Right of rectification

You can correct your inaccurate data.

7.3 Right to erasure ("right to be forgotten")

You can request deletion of your data.

7.4 Right to data portability

You can retrieve your data in a structured format.

7.5 Right to object

You can object to processing for legitimate reasons.

7.6 Right to restriction

You can request restriction of processing.

How to exercise your rights?

Contact us at: contact@sentraflow.com with proof of identity.

Response time: maximum 1 month.

8. Data security

8.1 Technical measures

• Data encryption in transit (HTTPS/TLS)
• Data encryption at rest in Supabase
• Secure authentication via OAuth GitHub
• Restricted data access (principle of least privilege)

8.2 Organizational measures

• Limited data access by our team
• Access logging for traceability
• Incident management procedures
• Data security training

9. Cookies and trackers

SentraFlow currently uses no cookies on the website. Only session data necessary for application operation is stored temporarily (GitHub authentication).

10. Minors' data

Our service is not intended for minors under 16 years old. If you are under 16, you must not use SentraFlow without parental authorization.

11. Policy modifications

This policy may be updated to reflect service or regulatory changes. Important modifications will be notified by:

• Email (if we have your address)
• Application notification
• Date update at the top of this document

12. Contact and complaints

12.1 Contact

For any questions about this policy:

Email: contact@sentraflow.com

12.2 Complaints

If you believe your rights are not respected, you can contact the relevant data protection authority:

• Website: https://www.cnil.fr (for France)
• Address: CNIL, 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

13. AI transparency

Your code analysis uses the Llama model via GroqCloud:

• Your code is processed temporarily to generate analysis
• The AI model does not specifically learn from your code
• Results are generated automatically and may contain errors
• You maintain full control over the use of results

This policy complies with GDPR and data protection laws.