Privacy

Privacy notice.

Last updated: 2026‑04‑23

Eunomio, Inc. (“Eunomio”, “we”) provides Eunomio CI Guard, a GitHub App for reviewing CI‑to‑cloud authentication changes. This notice explains what we collect when you install the app and how we use it. It is written to describe what the product actually does, not to cover future features.

What we collect

When you install the GitHub App into an organization, we receive the metadata GitHub provides to the app, including:

  • The installation account (organization or user) and installation ID.
  • The list of repositories you grant the app access to.
  • Repository contents that the app needs to read to do its job: GitHub Actions workflow files, Terraform files that describe CI identity and IAM, and related configuration.
  • Pull request metadata and changed‑file diffs for pull requests in selected repositories, so the app can post a check status.
  • Events delivered by GitHub webhooks (installation, push, pull request, check run).

We don't ask for GitHub secrets, and we don't hold live AWS credentials. The product does not reach into your cloud account. See Security for the operational surface diagram.

How we use it

  • To run the scan, bootstrap, migration, and PR‑check behavior described in the product docs.
  • To send transactional email about your installation (for example, install confirmation or support replies).
  • To operate the service: logging, diagnostics, and security monitoring of our own infrastructure.

We do not sell your data. We do not use repository contents to train third‑party models.

Retention

We keep the minimum installation state needed to keep the product working: which org installed the app, which repos are selected, and the small amount of per‑repo state the scan and PR‑check flow needs. We do not maintain long‑term archives of your pull request diffs beyond what is needed to produce the check and any linked artifacts. If you uninstall the GitHub App, we stop receiving new events for that installation, and installation state is removed on a reasonable cadence.

Subprocessors

We use a small number of infrastructure providers to host the backend service, send email, and handle billing. We keep this list short on purpose. If you need the current list for a procurement review, email support@eunomio.com.

Your choices

  • You can narrow or expand which repositories the GitHub App has access to from your GitHub organization settings at any time.
  • You can uninstall the GitHub App at any time.
  • You can email us to ask what installation state we hold for your org, or request deletion.

Security reports

If you believe you've found a security issue with Eunomio itself, please email security@eunomio.com. We'll respond quickly and keep you informed during triage.

Contact

Privacy questions: support@eunomio.com. For general support channels, see the Support page.

Changes to this notice

This is an evolving product. If we change how we collect or use data, we'll update this page and the "last updated" date above. Material changes will be noted on the public site.