Legal

Privacy Policy

Effective April 14, 2026

1. Overview

PDMCGuard ("we", "us", "our") is operated by pragmaticdevs. This Privacy Policy explains what information we collect when you use the PDMCGuard daemon, dashboard, and related services, how we use that information, and the choices you have.

2. Information We Collect

We collect the following categories of information:

  • Account dataEmail address and authentication credentials provided when you sign up via Clerk.
  • Project metadataLock file snapshots, dependency names and versions, project paths, machine hostnames, and Git context (branch, commit hash, remote URL).
  • Advisory match dataRecords of advisory matches generated when a dependency version is flagged by an upstream security feed.
  • Usage dataDashboard page views, feature interactions, and error logs used to improve the product.
  • Billing dataSubscription status and payment method metadata processed by Stripe. We never store raw card numbers.

3. How We Use Your Information

  • To operate the daemon sync service and deliver alerts to your dashboard.
  • To match your lock file snapshots against advisory feeds and notify you of vulnerabilities.
  • To process subscription payments and manage your account.
  • To send transactional emails (alert digests, billing receipts) and, if opted in, product updates.
  • To diagnose issues, improve reliability, and develop new features.

4. Third-Party Services

We use the following sub-processors. Each operates under their own privacy policy:

Clerk
Authentication & user management
Privacy policy →
Supabase
Database & real-time sync
Privacy policy →
Stripe
Payment processing & billing
Privacy policy →

5. Data Retention

Project metadata and advisory records are retained for as long as your account is active. Lock file snapshot history older than 12 months is pruned automatically. You may request deletion of your account and all associated data at any time by emailing privacy@pragmaticdevs.com.

6. Security

Data in transit is encrypted with TLS 1.3. Sensitive payloads (lock file contents) are additionally encrypted with AES-256-GCM before leaving your machine. We apply row-level security policies in Supabase to ensure each user can only access their own data.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, port, or delete the personal data we hold about you. To exercise any of these rights, contact us at privacy@pragmaticdevs.com.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice in the dashboard. Continued use of PDMCGuard after a change constitutes acceptance of the updated policy.

9. Contact

Questions about this Privacy Policy? Email privacy@pragmaticdevs.com.

arrow_backBack to HomeTerms of Use →