Legal

Privacy Policy

Last updated 2026-04-23

The summary

Danda collects only what we need to deliver the service. We do not sell data, we do not use your repository contents to train AI models, and we purge inference traces at the end of each engagement. For healthcare engagements involving PHI, we sign a HIPAA Business Associate Agreement.

Free preview — what we collect

  • Email address — to send the findings.
  • Repository URL — to clone and analyze the public repo.
  • IP address — for rate limiting (max 3 previews per IP per 24 hours).
  • User-agent string — for abuse-pattern detection.
  • Findings produced — for our own quality monitoring and to support email re-delivery if the original send fails.

Retention. Free-preview lead records are kept for 90 days, then deleted. You can request earlier deletion at any time by emailing hello@danda.sh.

Pro audits + retainers + white-glove — what we collect

  • Customer email — for confirmation, intake, and delivery.
  • Stripe payment data — handled by Stripe; we receive only the session reference, not card numbers.
  • Repository URL + cloud provider selection — collected at intake.
  • Signed consent attestation — name, title, email of the signing authority + the attestation text.
  • Repository contents — processed in-memory during analysis. Not persisted after the artifact is delivered.
  • Cloud configuration data — collected via read-only CLI calls; processed in-memory; not persisted.
  • SQL probe results — entered by you in the operator console; processed in-memory; not persisted.
  • The signed artifact bundle — stored for the duration of the engagement and 30 days after delivery (the share-link TTL), then deleted.

What we do NOT collect

  • We do not collect database credentials, API keys, or any other live secret.
  • We do not collect PHI (protected health information) directly. PHI may be inferred from PHI-flow tracing during analysis but is processed in-memory and never stored.
  • We do not collect financial data beyond the Stripe session reference (Stripe holds card data).
  • We do not collect tracking cookies for advertising. The site uses one optional cookie to remember your light/dark theme preference.

AI / model usage

Danda uses large language models to perform code reading and synthesis. Specifically:

  • Repository contents are sent to model providers as input for analysis. PII is redacted before model calls where detected.
  • Inference traces are kept only for the duration of the engagement, then purged.
  • We do not enroll your data in any "use my data to train models" optional program offered by the model provider. We use the zero-retention API tiers where the provider offers them.
  • Our subprocessors are Anthropic (Claude family of models, primary) and OpenAI (GPT family, fallback). Listed providers may change; material changes will be posted here with an updated date.

HIPAA BAA

For healthcare engagements that may involve PHI, ProductLove, Inc. signs a HIPAA Business Associate Agreement (BAA) at engagement start. The BAA covers our handling of any PHI that enters Danda's analysis pipeline. Request the BAA template at hello@danda.sh.

Where data is stored

Customer records (email, intake form, signed attestation, audit metadata) are stored in PostgreSQL hosted on Railway (US region). Stripe payment data is held by Stripe per their own privacy policy. Email delivery is handled by Resend.

Your rights

You can request access to, correction of, or deletion of your data at any time by emailing hello@danda.sh. We respond within 7 business days. For deletion: we honor requests within 30 days of receipt; some records may be retained longer if required by law (e.g., financial records for tax purposes).

EU/UK residents: GDPR data subject rights apply. California residents: CCPA rights apply. We do not sell personal data and do not engage in cross-context behavioral advertising.

Security incidents

If we discover a security incident affecting your data, we will notify you within 72 hours of confirmation. For healthcare engagements, the HIPAA breach-notification clock starts with your discovery determination, not ours.

Contact

Questions, requests, or concerns: hello@danda.sh. Operator: Travis McElfresh, ProductLove, Inc., Delaware.

Operated by ProductLove, Inc. (Delaware C-Corp). Operator: Travis McElfresh.
