Privacy Policy

Last updated: May 2026

Who we are

Hey Freya is operated by Benedikt Kraus, Kierberger Str. 25, 50969 Cologne, Germany. Contact: benedikt@krausmail.net

What we process

Code uploads. Files you submit for scanning are processed temporarily by our analysis pipeline and deleted immediately after the scan completes. We do not store your source code.

Scan results. The findings report (not your code) is stored for 90 days so you can retrieve it. It contains file paths and code snippets only where a finding was detected.

Account data. Email address and display name via Firebase Authentication (Google Sign-In). We do not store passwords.

Legal basis (Art. 6 GDPR)

  • Code scanning: Contract performance (Art. 6(1)(b)) — processing is necessary to deliver the scan you requested.
  • Account creation: Contract performance (Art. 6(1)(b)).
  • Payment processing: Contract performance (Art. 6(1)(b)).
  • Service communication: Legitimate interest (Art. 6(1)(f)) — operational emails about your scans.

Third-party services

  • Firebase / Google — authentication and database. Google Privacy Policy applies.
  • Stripe — payment processing. Stripe handles all card data. We never see your card number. Stripe Privacy Policy applies.
  • Google Cloud Run — scan execution infrastructure in the US (us-central1).

Data transfer to third countries

Your code is processed on Google Cloud Run in the US (us-central1). This transfer is covered by Google's Standard Contractual Clauses (SCCs) and their EU Data Processing Terms. Stripe processes payment data in the US under their own SCCs. No code or personal data is transferred to any other third country.

Cookies

We use a single session cookie set by Firebase for authentication. No tracking cookies, no analytics cookies, no third-party advertising cookies.

Your rights (GDPR)

You have the right to access, correct, or delete your account data at any time. Email benedikt@krausmail.net and we will respond within 30 days. You can also delete your account directly from the dashboard.

Data retention

Scan results: 90 days. Account data: until you delete your account. Code uploads: deleted immediately after scan (not stored at all).

Contact

Questions or requests: benedikt@krausmail.net