Privacy Policy

Last updated: July 1, 2026

At Norveth, we prioritize the security and privacy of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Engineering Intelligence Platform.

1. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password hash, and organization details.
  • Integration Data: OAuth tokens for GitHub, GitLab, or other VCS providers required to analyze your code.
  • Project Data: Source code, commit history, and metadata when explicitly requested for analysis.
  • Usage Data: Telemetry on how you interact with our dashboards, AI chat, and reports.

2. How We Use Your Information

We use the information we collect primarily to provide, maintain, and improve our Service. Specific uses include:

  • Generating architectural graphs, documentation, and engineering insights.
  • Authenticating your access and securing your account.
  • Responding to your customer service requests and support needs.
  • Monitoring platform performance and preventing malicious activity.

3. Source Code Privacy (Zero-Retention Policy)

We understand that your source code is your most valuable asset.

  • We do not permanently store your raw source code unless explicitly enabled via the "Code Archive" feature.
  • Analysis is performed in ephemeral, isolated container environments that are destroyed immediately after generating the Knowledge Graph.
  • Your code is never used to train public or foundational AI models.

4. Third-Party Service Providers

We may share your data with trusted third-party vendors who assist us in operating our platform, such as secure cloud hosting environments, managed database infrastructure, and specialized AI inference partners. All providers are strictly bound by enterprise DPAs (Data Processing Agreements).

5. Security of Your Information

We implement industry-standard security measures, including encryption at rest (AES-256) and in transit (TLS 1.3). We also employ strict rate limiting, Turnstile verification, and continuous vulnerability scanning. Our dedicated security team continuously monitors and upgrades our infrastructure to ensure your engineering data remains rigorously protected against emerging threats.

6. Your Data Rights (GDPR & CCPA)

Depending on your location, you may have the right to request access to, correction of, or deletion of your personal data. You can exercise these rights directly from your Account Settings or by contacting our Data Protection Officer.


If you have questions or comments about this Privacy Policy, please contact us at privacy@norveth.app.