Privacy Policy

Last updated: March 24, 2026

This Privacy Policy explains what information Semantica collects, how we use it, and what rights you have over it. We have written it to be as clear and straightforward as possible.

Note: This Privacy Policy is a starting point and should be reviewed by a qualified attorney before publication, particularly given GDPR obligations for EU/UK users.


1. Who We Are

Semantica is operated by Semantica Inc., incorporated in the United States. For the purposes of this policy, we are the data controller for information collected through our website and hosted services.

If you have questions about this policy or your data, contact us at:

Email: privacy@semantica.sh
Website: semantica.sh


2. The Short Version

  • The Semantica CLI stores all data locally on your machine. We never see it unless you explicitly connect a repository to our backend.
  • Our website collects usage analytics to understand how people find and use our site. We do not sell this data.
  • If you connect a repository, we receive attribution summaries and commit metadata — not your code, not your transcripts.
  • EU and UK users have rights under GDPR and UK GDPR, including the right to access, correct, and delete their data.

3. What We Collect and Why

3.1 Website visitors

When you visit semantica.sh, we collect usage analytics. This may include:

Data | Purpose | Legal basis (GDPR)
Pages visited, referrer URL | Understand how people find and navigate our site | Legitimate interest
Browser type, operating system | Improve compatibility | Legitimate interest
Approximate location (country/region level) | Understand our user geography | Legitimate interest
Time spent on pages | Improve content and documentation | Legitimate interest

We do not collect your name, email address, or any personally identifying information from website visits unless you voluntarily provide it (for example, by contacting us).

We use privacy-respecting analytics that do not build individual user profiles or track you across other websites.

3.2 CLI users (local only)

The Semantica CLI runs entirely on your machine. When you use the CLI without connecting to our backend, no data is sent to us. All checkpoints, session data, attribution results, playbooks, and repository content stay in .semantica/ on your device.

We have no access to:

  • Your source code
  • Your AI agent session transcripts
  • Your commit history
  • Your file contents

3.3 Connected repository users

If you run semantica connect to link a repository to the Semantica dashboard, we receive:

Data | Purpose | Legal basis (GDPR)
Attribution summaries (AI percentage, line counts, file counts per commit) | Power the dashboard and PR integrations | Contract performance
Commit metadata (hash, subject, author name, timestamp) | Link attribution to commits | Contract performance
Session identifiers and provider names (e.g. "claude_code") | Show which agents were used | Contract performance
Repository name and remote URL (sanitized, credentials stripped) | Identify the repo in the dashboard | Contract performance

We do not receive:

  • File contents or diffs
  • AI agent transcripts or conversation logs
  • Playbook text
  • Anything from .semantica/objects/

Before any data leaves your machine, Semantica applies secret redaction using embedded Gitleaks patterns. If redaction fails, the send is blocked.

3.4 Authentication

If you log in via GitHub or GitLab OAuth (semantica auth login), we receive:

Data | Purpose | Legal basis (GDPR)
OAuth identity (username, email, provider user ID) | Authenticate you and identify your account | Contract performance
OAuth access token | Make authorized API calls on your behalf | Contract performance

We store access and refresh tokens in your OS secure storage (macOS Keychain, Linux Secret Service) or in ~/.config/semantica/credentials.json with 0600 permissions. We never store your GitHub or GitLab password.


4. How We Use Your Data

We use the data we collect to:

  • Operate and improve the Semantica website and services
  • Provide the hosted dashboard, PR comments, and check run features
  • Understand how our tools are being used so we can make them better
  • Respond to support requests and security reports
  • Comply with our legal obligations

We do not:

  • Sell your data to third parties
  • Use your data to train AI models
  • Share your data with advertisers
  • Build individual behavioral profiles for advertising purposes

5. Data Sharing

We may share your data only in these circumstances:

Service providers. We may use third-party services to help operate our platform (for example, hosting infrastructure, analytics). These providers process data only on our behalf and under our instructions.

GitHub and GitLab. If you use our GitHub App or GitLab integration, data is shared with those platforms as necessary to post PR comments and check runs. This is subject to their privacy policies.

Legal requirements. We may disclose data if required by law, court order, or to protect the rights, property, or safety of Semantica, our users, or the public.

Business transfer. If Semantica is acquired or merged with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.


6. Data Retention

Data type | Retention period
Website analytics | 24 months, then aggregated or deleted
Connected repository attribution data | Until you disconnect the repo or delete your account
OAuth credentials (local) | Until you run semantica auth logout
Support correspondence | 3 years from last contact

You can request deletion of your data at any time by contacting privacy@semantica.sh.


7. Your Rights

For all users

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (subject to legal retention obligations)
  • Withdraw consent where we rely on consent as our legal basis

For EU and UK users (GDPR and UK GDPR)

If you are located in the European Union or United Kingdom, you have additional rights under GDPR and UK GDPR:

  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restrict processing — ask us to limit how we use your data in certain circumstances
  • Right to object — object to processing based on legitimate interests
  • Right not to be subject to automated decision-making — we do not make automated decisions with legal or similarly significant effects based on your data

To exercise any of these rights, contact us at privacy@semantica.sh. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Data transfers. Semantica is based in the United States. If you are in the EU or UK, your data may be transferred to and processed in the US. Where required, we rely on appropriate safeguards for such transfers, including Standard Contractual Clauses. Contact us for more information about the specific safeguards in place.


8. Security

We take reasonable technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Credential storage in OS secure storage where available
  • Secret redaction before any outbound data transmission
  • Access controls limiting who within our team can access production data

No method of transmission or storage is completely secure. If you discover a security vulnerability, please report it responsibly to security@semantica.sh and do not open a public issue.


9. Children's Privacy

Semantica is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@semantica.sh and we will delete it promptly.


Our website and documentation may contain links to third-party websites, including GitHub, GitLab, and AI provider documentation. This policy does not apply to those sites. We encourage you to review their privacy policies before providing any personal information.


11. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes, we will make reasonable efforts to notify you, such as by posting a notice on our website. Your continued use of Semantica after changes take effect constitutes your acceptance of the updated policy.


12. Contact and Complaints

For privacy questions, data requests, or complaints:

Email: privacy@semantica.sh
Website: semantica.sh

EU/UK users may also contact their local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu. The UK authority is the Information Commissioner's Office at ico.org.uk.