Privacy Policy

Last updated: January 2026

Blue Cave ("Blue Cave", "we", "us"), brought to you by RemoteRun, builds a code analysis and test coverage tool, amongst other developer tools. This policy explains what personal data we process, why we do it, and what choices you have when you visit our website or use our services (including our GitHub integration).

1. Our details

Address:

RemoteRun
Govert Flinckstraat 135
Amsterdam
The Netherlands

Email: [email protected]

2. When we act as controller vs processor

Our website, marketing and customer relationship: we act as the controller.

Repository analysis for a customer: in most cases, the customer (the organisation that connects a repository) is the controller, and Blue Cave acts as a processor processing repository content on the customer's instructions.

3. Data collection and processing

A. Data you give us
  • Name and email address (for example when you contact us or subscribe)
  • Company details (company name, role)
  • Messages you send us (support requests, feedback)
B. Account and product data
  • Product usage events (for example which screens/features you use)
  • Billing information (if applicable). We do not store full payment card details; our payment provider handles payment details.
C. GitHub and repository data

When you install Blue Cave through GitHub, we receive data from GitHub and from the repositories you connect, such as:

  • GitHub user/org/repo identifiers and metadata (repo name, pull request number, commit SHA, etc.) which is stored
  • Code and configuration submitted for analysis (for example, files in the repo and CI configuration) which is not stored
  • Blue Cave's analysis outputs (logs, reports, findings, and related metadata) are stored temporarily

We use this data to run checks and show results in Blue Cave and/or in GitHub checks.

Important: our service is not designed for storing secrets. Do not intentionally place passwords, tokens, or other secrets in your repository.

D. Website usage data (cookies and similar technologies)

When you visit our website, we may collect:

  • IP address (and approximate location derived from it)
  • Device/browser information
  • Pages visited and actions taken
  • Referrer information

4. Personal data usage

If you are in the EEA/UK, we use these legal bases:

Provide the service
  • Create and manage accounts
  • Run repository checks and show results
  • Provide customer support
Improve and secure the product
  • Keep the service reliable and secure
  • Prevent abuse, fraud, and attacks
  • Improve performance and features
Marketing
  • Send product updates and marketing messages

You can opt out any time via the unsubscribe link. Where consent is required, we will ask first.

Legal obligations
  • Accounting/tax obligations
  • Responding to lawful requests

We do not sell personal data.

5. Cookies and Google Analytics

We use cookies and similar technologies:

  • Necessary cookies to make the website work
  • Analytics cookies (only with your consent where required)
Google Analytics

We use Google Analytics to understand website traffic and usage (for example, pages viewed, time on page, and general usage patterns). Google Analytics uses cookies and similar technologies.

  • Consent: where required, we only run Google Analytics after you accept analytics cookies.
  • Control: you can withdraw consent at any time via our cookie settings or by clearing cookies in your browser.

6. Who we share data with

We share personal data only when needed:

  • Service providers (for example hosting, analytics, email delivery, customer support tools, and payments)
  • Legal and safety reasons (to comply with law, or to protect rights, users, and security)
  • Business changes (merger, acquisition, financing, or sale of assets)
  • Your instructions (when you ask us to)

If you want a list of key subprocessors, contact us at [email protected].

7. How long we keep data

We keep personal data only as long as needed for the purposes above.

Typical retention periods:

  • Website analytics: kept for 12 months (set in our analytics configuration).
  • Support communications: kept for up to 2 years after the last interaction.
  • Account data: kept while your account is active and then up to 6 months after closure, unless we must keep it longer for legal reasons.
  • Repository analysis data: kept to provide results and history, then deleted within 30 days of inactivity, or the customer's deletion request, unless we must keep it for legal reasons.

8. Security

We use reasonable technical and organisational safeguards to protect personal data. No online service can guarantee 100% security, but we work to prevent unauthorised access, loss, and misuse.

9. Your rights and choices

Depending on where you live, you may have rights to:

  • access your data
  • correct it
  • delete it
  • restrict processing
  • object to processing
  • receive a portable copy of certain data
  • withdraw consent (where processing is based on consent)

To exercise rights, email [email protected].

Automated decision-making: We do not use your personal data to make fully automated decisions that have legal or similarly significant effects on you.

10. Minors

You must be age 13 or older to use Blue Cave. We do not target our services to children under 13, nor do we permit any users under 13 on our service. If we learn of any user under the age of 13, we will terminate that user’s account immediately. If your country’s minimum age is older, you are responsible for complying with your country’s laws.

11. Changes

We may update this policy from time to time. We will post the updated version here and change the "Last updated" date.

Questions? Email [email protected].