Data Handling & Security

How we protect your code and data.

Current Data Handling

We understand that your code is your intellectual property. GitCash currently follows a best-effort, indie-stage approach:

  • Metadata Only: We primarily access commit metadata (timestamps, messages, lines changed) to calculate invoices. We do not store your source code on our servers.
  • Ephemeral Access: When we do need to analyze code complexity, it is done in memory during the processing job and immediately discarded.
  • OAuth Scopes: We request the minimum necessary GitHub permissions. You can revoke access at any time via your GitHub settings.

Security Note

GitCash does not currently publish formal technical guarantees or external audits for encryption standards. Please use the product with this limitation in mind.

Compliance & Certifications

GitCash is not currently certified under SOC 2, ISO 27001, GDPR, CCPA, HIPAA, PCI, or similar frameworks. If you require formally certified compliance, please wait for a future audited release.

Responsible Disclosure

If you discover a security vulnerability, please report it through our support page. We appreciate the help of the security community in keeping GitCash safe.