TrustStarTrustStar
← Home

Privacy Policy

Last updated: May 30, 2026

The short version

TrustStar does not collect, store, or sell personal data. The analysis API is fully stateless — we do not log your queries or associate analysis results with your identity. The only data we retain is a short-lived cache of analysis results (public GitHub metrics) to power the Recent Audits feed, which contains no personal information.

What we analyze

When you analyze a GitHub repository, TrustStar queries the public GitHub API on your behalf. All data processed — stargazer profiles, commit history, repository metadata — is already public on GitHub. We do not access private repositories, authenticated sessions, or any data that is not publicly visible.

Data we store

We use a Redis cache to store aggregated analysis results (score, label, signals) for recently analyzed repositories. This cache:

  • Contains only public repository data, not user identity or IP addresses.
  • Expires automatically — results are not retained indefinitely.
  • Powers the public Recent Audits feed (visible to all visitors).

We do not use cookies for tracking. No analytics scripts (Google Analytics, Mixpanel, etc.) are loaded on TrustStar pages.

Email collection (waitlist)

If you sign up via the "Stay updated" form, we store your email address solely to send you product updates. We do not share this list with third parties. You can unsubscribe at any time by replying to any email we send.

Third-party services

TrustStar uses the following external services:

  • GitHub API — to fetch public repository and stargazer data.
  • npm Registry — to fetch public package metadata and download counts.
  • Vercel — hosting and edge network. Vercel may log standard HTTP request metadata (IP, user-agent) per their own privacy policy.
  • Upstash Redis — short-lived result cache. No personal data is written.

Contact

Questions about this policy? support@truststar.co