Privacy Policy

Last updated July 4, 2026

ClaudeRabbit is a free, no-login-required tool: paste a public GitHub repo and get back a safety score. You can use the entire product — scanning, reports, the CLI, the MCP server — without ever creating an account. This page covers what we collect on the rare path where you do sign in, and what little else we collect for everyone.

If you don't sign in

We don't collect anything that identifies you. To stop abuse (e.g. someone hammering the scan endpoint), we generate a short-lived, hashed device identifier tied to your browser session purely to count requests against a burst rate limit. It isn't linked to a name, an email, or any profile, and it isn't used to track you across sessions or sites.

If you sign in with Google or email

Signing in is optional and only exists to save your scan history across visits. If you do, we store:

That's the complete list. We don't collect payment details (the product is free), device fingerprints beyond the anonymous rate-limit ID above, or any analytics profile tied to your identity.

What we never do

We never sell your data, and we never share it with third parties for their own marketing or advertising purposes. Full stop.

Who processes it on our behalf

Running ClaudeRabbit requires a small number of infrastructure providers acting strictly on our instructions, never on their own:

Public scan reports

A scan report itself (the repo's score, findings, and evidence) is about public GitHub code and is published permanently at /owner/repoby design — that's the product. Your account identity is never attached to a public report; your own scan history is visible only to you, behind login.

Retention and deletion

Your account data lives until you ask us to remove it. Open an issue on our GitHub repo from the email on file and we'll delete your profile and scan history. You can sign out at any time from the account menu.

Cookies

We use one functional cookie set by Supabase Auth to keep you signed in. We don't use advertising or third-party tracking cookies today. If that changes, we'll update this policy first — see our Terms of Service for the advertising clause.

Children's privacy

ClaudeRabbit is not directed at children under 13, and we don't knowingly collect their data.

Changes to this policy

If this policy changes, we'll update the date at the top of this page. Material changes will be reflected here before they take effect.

Contact

Questions about this policy? Open an issue on GitHub.