LEGAL

PRIVACY POLICY

Name: Sailop
Author: Sailop

LAST UPDATED: APRIL 1, 2026

1. OVERVIEW

Sailop ("we", "us", "our") operates the sailop.com website and the Sailop CLI tool. This policy explains what data we collect, why we collect it, how we store it, and your rights regarding that data. We are committed to GDPR compliance and treat all user data with the same standard regardless of geographic location.

2. DATA WE COLLECT

We collect the following categories of data:

Account information: Email address, display name, and authentication provider (Google or GitHub OAuth).
Usage data: Feature usage frequency, scan counts, CLI command invocations, and error reports. This is aggregate data and does not include the content of your code.
Scan results: When you use the web scanner, we store the resulting slop score and dimension breakdown. We do not store the source code you scan.
Payment information: Billing details are processed and stored by Stripe. We never see or store your full card number, CVV, or bank account details. We retain your Stripe customer ID and subscription status.
Session data: We use secure HTTP-only cookies to maintain your session. No third-party tracking cookies are used.

3. HOW WE USE YOUR DATA

To authenticate you and maintain your account.
To process payments and manage subscriptions via Stripe.
To provide scan results, history, and usage statistics in your dashboard.
To improve the product by analyzing aggregate usage patterns (never individual code).
To send transactional emails (account confirmation, password reset, payment receipts). We do not send marketing emails unless you explicitly opt in.

4. AUTHENTICATION

We use Google OAuth and GitHub OAuth for authentication. When you sign in, we receive your email address and public profile name from the provider. We do not receive or request access to your repositories, files, contacts, or any other data beyond basic profile information.

5. DATA STORAGE AND SECURITY

Your data is stored in a PostgreSQL database hosted on encrypted infrastructure. All connections to our database are encrypted via TLS. Backups are encrypted at rest. Access to production data is restricted to essential personnel only and requires multi-factor authentication.

6. COOKIES

We use strictly necessary cookies to maintain your session. These are secure, HTTP-only cookies that expire when your session ends or after 30 days of inactivity. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. No data is shared with ad networks.

7. THIRD-PARTY SERVICES

Stripe: Payment processing. Subject to Stripe's Privacy Policy.
Google OAuth: Authentication only. Subject to Google's Privacy Policy.
GitHub OAuth: Authentication only. Subject to GitHub's Privacy Statement.

We do not use Google Analytics, Facebook Pixel, Hotjar, Mixpanel, or any other behavioral tracking tool.

8. CLI TOOL PRIVACY

The Sailop CLI runs entirely on your local machine. Your code is never sent to our servers. Scan results are computed locally. The only network requests the CLI makes are for license validation (a single API call that sends your license key, not your code) and optional update checks.

9. YOUR RIGHTS UNDER GDPR

If you are located in the European Economic Area, you have the right to:

Access: Request a copy of all personal data we hold about you.
Rectification: Correct any inaccurate data.
Erasure: Request deletion of your account and all associated data.
Portability: Receive your data in a machine-readable format.
Restriction: Restrict processing of your data under certain conditions.
Objection: Object to processing of your data for specific purposes.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. DATA RETENTION

We retain your account data for as long as your account is active. If you delete your account, we erase all personal data within 30 days. Anonymized, aggregate usage statistics may be retained indefinitely as they cannot be linked back to any individual.

11. CHILDREN

Sailop is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.

12. CHANGES TO THIS POLICY

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. If changes are material, we will notify you by email.

CONTACT

For any privacy-related questions or requests, email [email protected].

[ LOADING ]