🔒 Privacy Policy
Last Updated: 2025-12-11
Our Commitment
Privacy is central to BigHole's mission. We are committed to minimal data collection
and maximum transparency.
Data We Collect
| Data Type | Purpose | Retention | Storage |
|---|---|---|---|
| Secret Hash (SHA-256) | Deduplication (prevent repeat notifications) | 48 hours | Encrypted |
| Repository URL | Notification targeting | 48 hours (hashed after notification) | Encrypted |
| Notification Status | Prevent spam | 7 days | Encrypted |
| Aggregated Statistics | Transparency dashboard | Indefinite | Anonymous |
Data We NEVER Collect
- ❌ Raw Secrets: We NEVER store actual API keys, tokens, or credentials
- ❌ Private Repository Data: We only scan public repositories
- ❌ Personal Information: Beyond GitHub usernames (public info)
- ❌ Browsing History: No tracking cookies or analytics
Data Processing
When we detect a potential secret:
- Generate SHA-256 hash for deduplication
- Verify liveness with minimal API call
- Send notification to repository owner
- Delete detection data after 48 hours
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| GitHub API | Code search, notifications | Search queries (public patterns) |
| Upstash Redis | Encrypted data storage | Encrypted hashes only |
Your Rights (GDPR/CCPA)
- Access: Request what data we have about you
- Deletion: Request deletion of your data
- Opt-Out: Stop scanning your repositories
- Portability: Export your data in machine-readable format
Security Measures
- AES-256-GCM encryption at rest
- TLS 1.3 encryption in transit
- No logs containing sensitive data
- Automatic data expiration (TTL)
- Access controls and audit logging
Children's Privacy
BigHole does not knowingly collect data from children under 13.
Contact
For privacy inquiries: Open an issue on our GitHub repository or use the opt-out form.