Privacy Policy
Last updated July 4, 2026
ClaudeRabbit is a free, no-login-required tool: paste a public GitHub repo and get back a safety score. You can use the entire product — scanning, reports, the CLI, the MCP server — without ever creating an account. This page covers what we collect on the rare path where you do sign in, and what little else we collect for everyone.
If you don't sign in
We don't collect anything that identifies you. To stop abuse (e.g. someone hammering the scan endpoint), we generate a short-lived, hashed device identifier tied to your browser session purely to count requests against a burst rate limit. It isn't linked to a name, an email, or any profile, and it isn't used to track you across sessions or sites.
If you sign in with Google or email
Signing in is optional and only exists to save your scan history across visits. If you do, we store:
- Your name and email address, from your Google profile or the email you sign in with.
- A generated placeholder avatar seed — not a photo, and we don't request or store one.
- Your scan history: which repos you scanned, when, and the resulting score, so your dashboard can show it back to you.
That's the complete list. We don't collect payment details (the product is free), device fingerprints beyond the anonymous rate-limit ID above, or any analytics profile tied to your identity.
What we never do
We never sell your data, and we never share it with third parties for their own marketing or advertising purposes. Full stop.
Who processes it on our behalf
Running ClaudeRabbit requires a small number of infrastructure providers acting strictly on our instructions, never on their own:
- Supabase — hosts our database, authentication, and edge functions.
- Google — provides Google Sign-In if you choose that login method.
- Google Cloud (Vertex AI) — powers the model that reads and scores the public repo code you ask us to scan. It does not process your account profile.
Public scan reports
A scan report itself (the repo's score, findings, and evidence) is about public GitHub code and is published permanently at /owner/repo by design — that's the product. Your account identity is never attached to a public report; your own scan history is visible only to you, behind login.
Retention and deletion
Your account data lives until you ask us to remove it. Open an issue on our GitHub repo from the email on file and we'll delete your profile and scan history. You can sign out at any time from the account menu.
Cookies
We use one functional cookie set by Supabase Auth to keep you signed in. We don't use advertising or third-party tracking cookies today. If that changes, we'll update this policy first — see our Terms of Service for the advertising clause.
Children's privacy
ClaudeRabbit is not directed at children under 13, and we don't knowingly collect their data.
Changes to this policy
If this policy changes, we'll update the date at the top of this page. Material changes will be reflected here before they take effect.
Contact
Questions about this policy? Open an issue on GitHub.