Privacy Policy

Last updated: April 2026

1. What We Collect

When you use Tachyon, we collect the following categories of information:

  • Account information: Your name, email address, and organization details provided during signup.
  • Source code and repository data: Code, pull requests, commit metadata, and related repository contents accessed through your GitHub integration for the purpose of security analysis.
  • Analysis outputs: Security findings, PR review comments, and scan metadata generated by our service.
  • Usage data: Pages visited, features used, and interaction patterns, collected to improve the service.

2. How We Use Your Data

  • To provide the service: Analyzing your code for security vulnerabilities, generating findings, and posting review comments on pull requests.
  • To improve analysis quality: Understanding patterns in how the service is used to improve accuracy and reduce false positives. We do not use your code to train machine learning models.
  • To communicate with you: Sending service-related notifications, security alerts, and responding to support requests.

3. Code Handling

Your source code is accessed through a GitHub App with read-only permissions. Code is pulled into isolated sandbox environments for analysis and is not stored on persistent disks. After analysis completes, sandbox environments are destroyed.

We do not retain copies of your source code beyond the duration of active analysis. Analysis outputs (findings, comments) are stored in our database for your use and can be deleted on request.

4. Third-Party Processors

We use the following third-party services to operate Tachyon:

  • Anthropic (Claude): Large language model provider used for code analysis. Code sent to Anthropic is covered by their zero-retention API policy — it is not used to train models and is not retained after processing.
  • Amazon Web Services (AWS): Cloud infrastructure provider hosting our service and sandbox environments.
  • GitHub: Source code platform integration for accessing repositories and posting review comments.

5. Data Retention and Deletion

We retain account information and analysis outputs for as long as your account is active. You may request deletion of your data at any time by contacting us.

Upon account deletion or data deletion request, we will remove your personal information and analysis outputs within 30 days. Some information may be retained in backups for up to 90 days.

6. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews. For more detail on our security practices, see our Security page.

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, delete, or export your data. To exercise these rights, contact us at the address below.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date.

9. Contact

For privacy-related questions or requests, contact us at rahul@tachyonsec.com.