Effective Date: July 1, 2025

Privacy Policy

Carrick (“we”, “our”, or “us”) respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website and associated tools, including our GitHub Action.

1. Information We Collect

  • Email address: Collected when you sign up for access via our website.
  • Repository metadata: We collect non-sensitive metadata from your repositories for the purpose of static analysis. This includes:
    • File and folder names
    • tsconfig.json (TypeScript configuration)
    • Declared NPM package dependencies
    • Small code snippets related to API usage (consumer/producer call sites)
  • Code snippets: Select portions of code relevant to API validation are collected and analyzed. These may be sent to third-party AI services for analysis.

2. How We Use Your Information

  • To provide API access to the Carrick service.
  • To perform static analysis and cross-repository validation.
  • To send anonymized code snippets to trusted third-party AI services (e.g., Google Gemini) for validation or enhancement.
  • To monitor service usage and improve product quality.
  • To communicate important updates or support inquiries.

3. Data Sharing

We do not share your personal data or repository metadata with third parties for marketing or advertising.

However, we may share limited, anonymized code snippets with third-party AI services (such as Google Gemini) to power our analysis features. These are:

  • Not associated with your identity
  • Not retained after processing by those services (to the best of our knowledge)
  • Sent only to providers who comply with their own privacy and data protection policies

4. Data Retention and Deletion

You may request deletion of your email, repository metadata, or any related analysis data by contacting us at contact@carrick.tools. Data is retained only for the duration necessary to provide analysis and improve the service.

5. Storage and Security

We use Amazon Web Services (AWS) to securely store all collected data. Access to user and repository data is restricted and encrypted where appropriate.

6. Access and Control

Carrick is currently available by invitation only. API keys are issued manually after sign-up and may be revoked at our discretion.

7. Third-Party Services

We use third-party services to power certain features, including:

  • Google Gemini for AI-based code analysis
  • Amazon Web Services (AWS) for storage and hosting

By using Carrick, you acknowledge that limited data (such as code snippets or dependency metadata) may be processed by these services.

8. Contact

For questions or data requests, email us at contact@carrick.tools.