Last updated: March 26, 2026

Privacy Policy

1) What this policy covers

This policy explains how Rewrite collects and uses data when you use our website, guided flow, and API. Rewrite is a web-to-native workflow that analyzes your repository, produces scoped cost quotes, and generates native handoff artifacts for iOS and Android.

2) Data we collect

  • Account data (for example GitHub profile id/login when you sign in with GitHub).
  • Session data (scope answers, alignment preferences, review notes, generated artifact metadata).
  • Repository inputs you provide (public repo URL or uploaded zip archive).
  • Operational logs (request IDs, timestamps, status codes, and error diagnostics).
  • Billing metadata from Stripe if checkout is enabled (for example checkout session id).
  • Product analytics when enabled (PostHog): page views, button clicks, and named funnel events such as starting a preview or completing a deposit. We use this to see which parts of the site work — not to sell your data.

3) How we use data

  • Run repo scan, quote, alignment, and native generation workflows.
  • Authenticate users and associate sessions with accounts.
  • Process payments and verify payment state.
  • Improve reliability, debugging, and abuse prevention.

4) Security controls

  • Transport security (HTTPS/TLS) should be enabled in production deployments.
  • Sensitive OAuth tokens are stored encrypted when token encryption is configured.
  • Access controls (API keys and JWT auth) are available and recommended for production.
  • Uploaded repositories are processed in server work directories tied to a session id.

5) Data retention

Retention depends on your deployment configuration. If you self-host, you control retention windows and deletion schedules. If you use hosted infrastructure, contact support to request deletion for account or session data.

6) Third-party services

Rewrite may integrate with GitHub OAuth, Stripe Checkout, and PostHog (site analytics when configured). Those services have their own privacy terms. We only request the minimum scopes needed for sign-in and repo access flow.

7) Contact

Questions or deletion requests: use the Contact page in the app, or open an issue in the public repository.