Siirry sisältöön

Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Softagram Oy collects, uses, and protects your personal data when you use the Softagram Analyzer platform and related services. We are committed to processing your data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.

1. Data Controller

  • Company: Softagram Oy
  • Address: Ketolanperantie 469, 90450 Kempele, Finland
  • VAT: FI25320043
  • Email: info@softagram.com

2. Data We Collect

We collect the following categories of personal data:

Account data:

  • Email address and display name
  • GitHub OAuth profile information (when using GitHub authentication)
  • Organization and team membership information

Repository metadata:

  • Repository names and structure
  • File paths and directory layouts
  • Dependency structures and relationships between code components
  • Commit metadata (author names, timestamps, commit messages)

We do not collect or store the actual content of your source code files beyond what is necessary for structural analysis.

Analysis results:

  • Dependency graphs and architecture visualizations
  • Impact analysis reports
  • Code health metrics and KPIs

Usage data:

  • Login timestamps and IP addresses
  • Feature usage patterns (anonymized)
  • Browser type and operating system

3. How We Use Your Data

  • Service delivery: Processing your repository data to generate architecture analysis, dependency graphs, and impact reports.
  • Account management: Authentication, authorization, and managing your subscription.
  • Product improvement: Using anonymized and aggregated usage data to improve the Service. We never use your repository data for this purpose.
  • Communication: Sending service-related notifications, security alerts, and important updates about your account.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service as described in our Terms of Service.
  • Legitimate interest (Art. 6(1)(f)): Processing for service improvement, security monitoring, and fraud prevention, where our interests do not override your fundamental rights.

5. Data Retention

  • Your account data and analysis results are retained while your account is active.
  • Upon account closure, your personal data and repository data are deleted within 30 days.
  • Anonymized and aggregated data (which cannot identify you) may be retained indefinitely for statistical purposes.
  • We may retain certain data longer if required by law or to resolve disputes.

6. Data Sharing

We do not sell your personal data. We may share your data only in the following circumstances:

  • Infrastructure providers: Hosting and cloud service providers located within the European Union, who process data on our behalf under data processing agreements.
  • GitHub: For OAuth authentication and pull request integration features. GitHub is based in the United States; see Section 7 for transfer safeguards.
  • Legal requirements: When required by law, court order, or to protect our legal rights.

7. International Data Transfers

Your data is primarily stored and processed on servers located within the European Union.

  • Transfers to GitHub (United States) for OAuth and PR integration are covered by data processing agreements and EU Standard Contractual Clauses (SCCs).
  • We do not transfer your data to countries outside the EU/EEA except as described above.

8. Your Rights

Under GDPR Articles 15-22, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Obtain a copy of your personal data.
  • Right to rectification (Art. 16): Correct inaccurate personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data.
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interest.
  • Right to restriction (Art. 18): Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at info@softagram.com. We will respond to your request within 30 days.

9. Cookies

We use the following cookies:

  • Essential cookies: Session management and CSRF protection tokens. These are strictly necessary for the Service to function and cannot be disabled.
  • geoip_redirected: A cookie with a 30-day lifetime used to remember your language preference and prevent repeated automatic language redirects.
  • Analytics cookies: Anonymized usage analytics to help us improve the Service. These can be disabled in your browser settings without affecting Service functionality.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days notice by sending a notification to the email address associated with your account or by posting a prominent notice on the Service.

11. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your data protection rights:

  • Email: info@softagram.com
  • Address: Softagram Oy, Ketolanperantie 469, 90450 Kempele, Finland

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

  • Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
  • Website: tietosuoja.fi