Privacy Policy

Last updated: February 18, 2026

1. Who We Are

Pharaoh is operated by 2407066 Alberta Inc. This policy explains what data we collect, why, and how we protect it.

2. Data We Collect

Category	What	Why
GitHub identity	Username, org membership, installation ID	Authentication, authorization, tenant isolation
Repository metadata	Function names, file paths, module boundaries, dependency edges, complexity scores, export signatures	Knowledge graph construction (our core service)
Billing	Stripe customer ID, subscription status	Subscription management
Usage logs	Which MCP tools were called, timestamps, tenant ID	Rate limiting, debugging, audit trail

3. Data We Do NOT Collect

Source code. We parse structural metadata using tree-sitter and discard the source immediately after parsing. No file contents, comments, string literals, or code bodies are stored. Credit card numbers. Payment is handled entirely by Stripe. We never see or store card details.

4. How Data Is Stored

Repository metadata is stored in Neo4j (graph database) with each customer in a dedicated database. Operational data (tenant records, OAuth sessions, audit logs) is stored in PostgreSQL. Both are hosted on infrastructure with encryption at rest and in transit. GitHub tokens are encrypted with AES-256-CBC before storage.

5. Data Sharing

We do not sell your data. We share data only with:

Stripe — billing and payment processing
GitHub — OAuth authentication and repository access
Infrastructure providers — Render (hosting), Neo4j Aura (graph database)

All providers are bound by their own privacy policies and data processing agreements.

6. Data Retention

Repository metadata is refreshed on every push and reflects the current state of your codebase. When you uninstall the GitHub App or delete your account, we delete your knowledge graph and tenant data within 30 days. Audit logs are retained for 90 days.

7. Your Rights

You can: request a copy of your data, ask us to delete your data (uninstall the GitHub App or email us), and update your billing information via the customer portal. For any data request, email privacy@pharaoh.so.

8. Cookies

We use session cookies for OAuth authentication only. No tracking cookies, no analytics pixels, no third-party ad trackers.

9. Changes

We may update this policy. Material changes will be communicated via the email associated with your GitHub account. The “last updated” date at the top indicates when the policy was last revised.

10. Contact

Privacy questions: privacy@pharaoh.so