Preflight

Last updated June 28, 2026

Privacy Policy

This page explains what Preflight collects, why it is collected, and how it is used to run security audits and reports.

Information we collect

  • Account information such as your name, email address, authentication provider, plan, and billing status.
  • GitHub installation and repository metadata needed to show connected apps, start audits, fetch audit artifacts, and keep repository state current.
  • Audit inputs and outputs, including repository name, branch, workflow state, findings, raw reports, AI reports, live audit target URL, and related timestamps.
  • Payment and subscription information handled through Stripe. Preflight does not store full card numbers.
  • Basic product analytics, logs, device, and request information needed to operate, debug, secure, and improve the service.

How we use information

  • To authenticate users, manage accounts, connect GitHub apps, run audits, generate reports, enforce plan limits, and provide support.
  • To detect abuse, protect the service, troubleshoot failed audits, and improve product reliability.
  • To generate AI-assisted report summaries from audit data. AI output is cached so reports do not need to be regenerated unnecessarily.

Repository and live audit data

  • Preflight accesses repositories only through the permissions granted by your GitHub installation and audit configuration.
  • Live audits require HTTPS domain ownership verification. Private IPs, localhost, credentials in URLs, and custom ports are blocked by default.
  • Audit artifacts and workflow identifiers may be stored internally so the server can poll status and fetch reports, but the dashboard avoids exposing private runner details.

Service providers

  • We may use providers such as GitHub, Google, Stripe, database hosting, deployment infrastructure, and AI model providers to operate Preflight.
  • These providers process data only as needed for authentication, billing, storage, audit execution, report generation, infrastructure, or support.

Data retention and deletion

  • We keep account, billing, audit, and report records for as long as needed to provide the service, meet legal obligations, resolve disputes, and maintain security records.
  • You can request deletion of your account or audit data by contacting us. Some records may be retained where required for billing, abuse prevention, security, or legal compliance.

Security

  • We use access controls, scoped integrations, private server-side secrets, and operational safeguards to protect customer data.
  • No internet service can be guaranteed perfectly secure. You are responsible for keeping your GitHub, Google, and team accounts secure.

Contact

  • Questions or data requests can be sent to emanuel.dervishi.dev@gmail.com.
  • This policy may be updated as Preflight changes. Material updates will be reflected on this page.
See also Terms of Service.