When you analyze a private repository with RepoExplainer, you're trusting us with your code. Here's exactly what happens — no marketing language, just the technical facts.
We use OAuth to get a temporary access token from GitHub or GitLab. This token allows us to read repository contents on your behalf. We never store these tokens beyond your session.
We store: the repository owner/name, the analysis result (the AI-generated text), and metadata like when it was analyzed. We do NOT store the actual source code from your repository.
Selected file contents are sent to Anthropic's Claude API for analysis. Anthropic's API data retention policy applies. We recommend not analyzing repositories containing secrets, passwords, or highly sensitive business logic.
Before analyzing a private repo: ensure no hardcoded secrets (use .env files), review your repository's sensitivity level, and consider using a fork with sensitive code removed if needed.
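A pre-analysis check for the steps above, as an added example (not RepoExplainer's own code): run against a fresh clone, so that only committed files are present, it reports committed `.env` files and lines matching a few hardcoded-secret patterns. The rule set and the names `scan_tree` and `demo` are illustrative assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Illustrative patterns only (assumption): dedicated scanners ship far larger rule sets.
RULES = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned-secret": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
SKIP_DIRS = {".git", "node_modules", ".venv"}

def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) findings for files under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        # A committed .env is readable by anything granted repository access;
        # placeholder templates (.env.example, .env.sample) are scanned as normal files.
        is_env = path.name == ".env" or path.name.startswith(".env.")
        if is_env and not path.name.endswith((".example", ".sample")):
            findings.append((rel.as_posix(), 0, "env-file-in-repo"))
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file: nothing to pattern-match
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                if rx.search(line):
                    findings.append((rel.as_posix(), no, rule))
    return sorted(findings)

def demo():
    """Build a constructed sample checkout and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / ".env").write_text("DB_PASSWORD=constructed-value\n")
        (root / ".env.example").write_text("DB_PASSWORD=\n")
        (root / "src" / "settings.py").write_text(
            'import os\nDB_PASSWORD = "constructed-not-real"\nTOKEN = os.environ["TOKEN"]\n')
        (root / "src" / "ok.py").write_text('password = os.environ["DB_PASSWORD"]\n')
        return scan_tree(root)
```

An empty result from `scan_tree` means none of these particular patterns matched, not that the repository is free of secrets.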
If you have specific security concerns about your use case, contact us at ibrohimovyusufbro@gmail.com. We take security seriously and are happy to discuss enterprise security requirements.