Privacy Policy

Last updated: December 11, 2025

EpochCore ("we", "us", or "our") operates Integrity Gate, a GitHub App for file integrity verification. This Privacy Policy describes how we collect, use, and protect your information.

      Summary: We only collect data necessary to provide our service. We never sell your data. We use industry-standard security practices to protect your information.
    

1. Information We Collect

1.1 Information from GitHub

When you install Integrity Gate, we receive from GitHub:

Account Information: Your GitHub username and account ID
Repository Information: Names and IDs of repositories where the app is installed
Webhook Events: Push events, including commit SHAs, file paths, and author information
Installation Data: Installation ID and permissions granted

1.2 Information We Generate

Through our service, we create and store:

Integrity Seals: BLAKE3 hashes and quantum signatures for your files
Verification Records: Logs of integrity checks performed
Coherence Metrics: Aggregate statistics about seal coverage

1.3 Information We Do NOT Collect

File contents (we only process hashes)
Source code
Personal emails (unless you contact support)
Payment information (handled by GitHub Marketplace)

2. How We Use Your Information

We use collected information to:

Provide file integrity verification services
Generate and verify cryptographic seals
Post commit status checks to your repositories
Improve and maintain our service
Respond to support requests
Comply with legal obligations

3. Data Storage and Security

3.1 Where We Store Data

Your data is stored on:

Cloudflare D1: Database for seals and verification records
Cloudflare R2: Object storage for seal files
Cloudflare Workers: Edge computing for processing

All data is encrypted at rest and in transit.

3.2 Security Measures

TLS 1.3 encryption for all connections
HMAC-SHA256 webhook signature verification
RS256 JWT authentication for GitHub API calls
Regular security audits
Principle of least privilege access

4. Data Sharing

We do not sell your data. We may share data with:

Service Providers: Cloudflare for infrastructure
Legal Requirements: When required by law or legal process
Business Transfers: In connection with a merger or acquisition

5. Data Retention

Active Installations: Data retained while app is installed
After Uninstall: Data deleted within 30 days
Verification Logs: Retained for 90 days
Support Requests: Retained for 1 year

6. Your Rights

You have the right to:

Access: Request a copy of your data
Deletion: Request deletion of your data
Portability: Receive your data in a portable format
Objection: Object to certain processing activities

To exercise these rights, contact us at privacy@epochcore.com

7. Children's Privacy

Integrity Gate is not intended for users under 13 years of age. We do not knowingly collect information from children.

8. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for such transfers.

9. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes through the Service or via email.

11. Contact Us

For privacy-related inquiries:

Email: privacy@epochcore.com
Support: integrity-gate.pages.dev/support

12. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to opt-out of the sale of personal information (note: we do not sell personal information).

13. GDPR Compliance

For EU/EEA residents, EpochCore acts as a data processor. Our legal basis for processing is:

Performance of contract (providing the service)
Legitimate interests (improving the service)
Legal compliance (where required)

← Back to Home