1. What we collect
Your onboarding answers (what you advertise, your tracking stack), your GitHub account identity (username, granted scopes), the repository you select for auditing, and — once the monitoring module is installed — event metadata such as event names, statuses, and timestamps.
2. What we never collect
Your ad account credentials or tokens, your end users' personal information in plain form, your campaign data, or any repository you have not explicitly selected. User-level fields handled by the monitoring module are hashed inside your infrastructure before they reach Zoruko.
3. How we use it
Audit answers tailor the diagnosis. Repository access powers the audit and the pull requests. Event metadata powers your panel: ledgers, health scores, recovery counters, and alerts. We do not sell data or use it to train models for other customers.
4. Storage & retention
OAuth tokens are encrypted at rest (AES-256-GCM). Event metadata is retained while your workspace is active. Disconnect GitHub or delete your workspace and the associated access is revoked; stored data is deleted on request.
5. Your rights
You can request export or deletion of your workspace data at any time. If you are in a jurisdiction with data-protection law (GDPR, KVKK), those rights apply in full — contact us and we will act within the statutory window.