Privacy Policy
Last updated: May 2026
Who we are
Hey Freya is operated by Benedikt Kraus, Kierberger Str. 25, 50969 Cologne, Germany. Contact: benedikt@krausmail.net
What we process
Code uploads. Files you submit for scanning are processed temporarily by our analysis pipeline and deleted immediately after the scan completes. We do not store your source code.
Scan results. The findings report (not your code) is stored for 90 days so you can retrieve it. It contains file paths and code snippets only where a finding was detected.
Account data. Email address and display name via Firebase Authentication (Google Sign-In). We do not store passwords.
Legal basis (Art. 6 GDPR)
- Code scanning: Contract performance (Art. 6(1)(b)) — processing is necessary to deliver the scan you requested.
- Account creation: Contract performance (Art. 6(1)(b)).
- Payment processing: Contract performance (Art. 6(1)(b)).
- Service communication: Legitimate interest (Art. 6(1)(f)) — operational emails about your scans.
Third-party services
- Firebase / Google — authentication and database. Google Privacy Policy applies.
- Stripe — payment processing. Stripe handles all card data. We never see your card number. Stripe Privacy Policy applies.
- Google Cloud Run — scan execution infrastructure in the US (us-central1).
Data transfer to third countries
Your code is processed on Google Cloud Run in the US (us-central1). This transfer is covered by Google's Standard Contractual Clauses (SCCs) and their EU Data Processing Terms. Stripe processes payment data in the US under their own SCCs. No code or personal data is transferred to any other third country.
Cookies
We use a single session cookie set by Firebase for authentication. No tracking cookies, no analytics cookies, no third-party advertising cookies.
Your rights (GDPR)
You have the right to access, correct, or delete your account data at any time. Email benedikt@krausmail.net and we will respond within 30 days. You can also delete your account directly from the dashboard.
Data retention
Scan results: 90 days. Account data: until you delete your account. Code uploads: deleted immediately after scan (not stored at all).
Contact
Questions or requests: benedikt@krausmail.net