1. Data controller
The data controller is Osmove, 146 ave Léon Blum, 92160 Antony, France. Privacy contact: privacy@osmove.com.
2. What we collect
- Account data: email, name, organization. Required for cloud features.
- Billing data: handled by Stripe; we never see card numbers.
- Service data: lint policies, rule violation counts, run timestamps. No source code.
- Logs: IP, user agent, request paths. Kept 30 days for security/debugging.
3. What we don't collect
We do not collect or transmit your source code. The CLI runs locally; analysis happens on your machine. The cloud sees only aggregate counts and policy configuration — never the files being analyzed.
4. Why we collect it
Account & billing data: to operate paid cloud features. Service data: to enable cross-machine policy sync and audit logging. Logs: to detect abuse, debug incidents, and comply with legal obligations.
5. Legal basis (GDPR)
Performance of the service contract (account, billing, service data) and legitimate interest (security logs). We do not process special categories of data.
6. Subprocessors
- Heroku (Salesforce, Inc.) — hosting, EU/US data centers
- Stripe, Inc. — payment processing
- Postmark — transactional email
- Sentry — error monitoring
7. Retention
Account data: kept while your account is active, deleted within 30 days of termination. Billing data: kept 10 years for accounting purposes. Logs: 30 days. Audit log entries: per your subscription's retention setting (default 1 year).
8. Your rights
Under GDPR you have the right to access, rectify, delete, restrict processing, and port your data. Contact privacy@osmove.com. You may also lodge a complaint with the CNIL (French data protection authority).
9. Cookies
We use strictly necessary cookies (session, CSRF) and, in production, basic analytics (Google Analytics). No advertising cookies.