Privacy Policy

1) What this policy covers

This policy explains how Rewrite collects and uses data when you use our website, guided flow, and API. Rewrite is a web-to-native iOS workflow that analyzes your repository, produces scoped cost quotes, and generates native handoff artifacts.

2) Data we collect

• Account data (for example GitHub profile id/login when you sign in with GitHub).
• Session data (scope answers, alignment preferences, review notes, generated artifact metadata).
• Repository inputs you provide (public repo URL or uploaded zip archive).
• Operational logs (request IDs, timestamps, status codes, and error diagnostics).
• Billing metadata from Stripe if checkout is enabled (for example checkout session id).

3) How we use data

• Run repo scan, quote, alignment, and native generation workflows.
• Authenticate users and associate sessions with accounts.
• Process payments and verify payment state.
• Improve reliability, debugging, and abuse prevention.

4) Security controls

• Transport security (HTTPS/TLS) should be enabled in production deployments.
• Sensitive OAuth tokens are stored encrypted when token encryption is configured.
• Access controls (API keys and JWT auth) are available and recommended for production.
• Uploaded repositories are processed in server work directories tied to a session id.

5) Data retention

Retention depends on your deployment configuration. If you self-host, you control retention windows and deletion schedules. If you use hosted infrastructure, contact support to request deletion for account or session data.

6) Third-party services

Rewrite may integrate with GitHub OAuth and Stripe Checkout. Those services have their own privacy terms. We only request the minimum scopes needed for sign-in and repo access flow.

7) Contact

Questions or deletion requests: use the Contact page in the app, or open an issue in the public repository.