We try hard to protect your private data and do not collect anything more than is needed for the successful operation of our service.

What we collect, why and how we process your data

Anonymous visitors

Cookies

A cookie is a small piece of data that is stored on your computer, mobile device or tablet. We use cookies for anonymous visitors for security purposes.

Access logs

If you're browsing the kritika.io website, we log your IP address, browser and previously visited website (referer) information for security, audit and marketing purposes for 180 days.

Other analytics not connected to personal data (like the number of visitors, page views, etc.) are stored for 24 months.

Registered free accounts

Everything mentioned for anonymous users plus the following.

Cookies

We use cookies to store your user identifier so that you can log in to Kritika.

Email

When creating an account on Kritika you share some private information with us, like your email address. We do not resell or in any way share this information with any third-party services other than for functionality required for our service to operate (for example, for sending email notifications or announcements).

We have three reasons to send an email to you:

  • Important announcements, service issues and data breaches. We reserve the right to use your email in order to notify you of important changes and events (e.g. an update of this Privacy Policy).
  • Service-specific transactional emails with the results of our service functionality (e.g. your repository analysis results). This is highly recommended but is optional and can be configured in your user settings.
  • New blog posts, occasional news etc. This is optional and can be configured in your user settings.

For sending emails we use third-party services. Your email is used solely for sending notifications and is stored for a limited time.

Imported public repositories

All imported public repositories remain public on our service too. Be careful what you add to your public code.

Audit logs

For security purposes we store audit logs when you register, log in, change your identity preferences or perform other important actions. They contain your username, IP address and browser information. These logs are kept for 24 months.

Data modification and export

You have the right to modify any personal data that you provide to us (email, billing information, etc.). You also have the right to export the personal data we've collected about you (from your user settings page).

Account removal

At any time you can delete your account by visiting your settings page. Your account will be marked inactive immediately and will be deleted within the next 30 days.

Registered paid accounts

Everything mentioned for free accounts plus the following.

Imported private repositories

All imported private repositories remain private on our service too. The code shared with us remains on our servers until you remove the repository (cleaned up daily) from our service or completely remove your account.

Payments

We do not store any sensitive payment information (credit card numbers). We do store irreversible tokens for recurring payments. For payment processing we use a PCI DSS compliant third-party service.

Billing information

We do store and share with our payment processor your billing information (like your full name and billing address). This information is modifiable by you at any time. We also use fraud protection tools provided by our partner.

We do share your billing information with our accounting partner. This is required by tax regulation authorities and for legal reasons.

Account removal

In addition to the free account procedure, we must mention that invoices are kept for at least 7 years, which is required by EU laws.

Protecting your data

In order to make your usage of our service safe we follow these best practices:

  • Use industry-standard Transport Layer Security (TLS) throughout the website.
  • Host our service at Hetzner. They have pretty good security standards (PDF).
  • Limit the storage of various technical information (logs, traces) to the minimum that is still enough for security audits.
  • Constantly perform security audits and enforce best practices (like role-based permissions, firewalls, software updates).

Data breach disclosure

In case of a data breach or any unauthorized activity on your data, you will be notified immediately with an explanation of what might have leaked and how to mitigate the risks. We will take any needed steps to investigate the issue.

Version

05.2018