Privacy Policy

1. Information We Collect

When you use the Jackfruit ARF platform, we collect:

• Account information: GitHub username, email, avatar URL, and organization memberships (via GitHub OAuth)
• Repository metadata: File paths, dependency manifests, configuration files, CI/CD pipeline definitions (read-only access)
• Assessment data: Maturity level scores, evidence summaries, remediation recommendations
• Cloud metadata: AWS IAM configurations, service settings (if you connect a cloud account)
• Usage data: Page views, feature usage, and assessment history

2. What We Do NOT Collect

• Source code content (analyzed in memory only, never stored)
• Secrets, credentials, or environment variables
• Private communication or messages
• Personal data beyond GitHub profile information

3. How We Use Your Information

• To perform and deliver readiness assessments
• To generate remediation recommendations
• To improve the ARF protocol and scoring methodology
• To produce aggregated, anonymized research data (no individual identification)

4. Data Security

GitHub OAuth tokens and AWS credentials are stored encrypted at rest. All data transmission occurs over HTTPS. Access to assessment data is restricted to authenticated account owners. We implement industry-standard security practices to protect your data.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties. Aggregated, anonymized assessment data may be used in published research (such as the ARF benchmark study). Your individual assessment results are never shared without your explicit consent.

6. Your Rights

You have the right to:

• Access your assessment data at any time through the dashboard
• Request deletion of your account and all associated data
• Revoke GitHub OAuth access through your GitHub settings
• Revoke cloud connections through the dashboard
• Export your assessment data in standard formats

7. Contact

For privacy-related inquiries, please contact privacy@jackfruit.ai.