Last updated: March 2026
AuditBuffet (“we,” “our,” or “us”) operates auditbuffet.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Please read this Privacy Policy carefully. By accessing and using AuditBuffet, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
AuditBuffet also publishes a public pattern catalog at auditbuffet.com/patterns (and bundle / taxon directories at /bundles and /taxons). The catalog content — pattern detection prose, remediation guidance, external taxonomy references — is authored by AuditBuffet and published under CC-BY-4.0. The public catalog does NOT include submission telemetry, user-specific data, or anything derived from individual projects. It is a standalone body of authored reference material.
We collect information in the following ways:
When you create an account, we collect your email address. If you sign in via GitHub OAuth or Google OAuth, we receive your profile information (email, name, and profile picture) from the OAuth provider.
When you run an audit prompt and submit results to AuditBuffet, we collect structured telemetry data including:
What we do NOT collect: We intentionally do not collect source code, file contents, environment variables, API keys, URLs, or personally identifiable information (PII). Telemetry is designed to be anonymized and safe to submit.
We use Stripe to process subscription payments. We do not store your credit card details directly. Stripe securely handles payment processing, and we receive only confirmation of successful transactions.
With your explicit consent via the cookie banner, we load Vercel Analytics (web vitals, page views) and Vercel Speed Insights. These do not run until you accept. Sentry error monitoring runs for bug tracking. None of this data includes personally identifiable information.
We use Supabase session cookies for authentication — these are essential for the Service to function. Analytics tools are loaded only after you accept the consent banner and write a small preference key to your browser's local storage.
We use the information we collect for the following purposes:
Your data is stored on Supabase (PostgreSQL database) hosted in secure data centers. We implement the following security measures:
However, no security system is impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You use the Service at your own risk.
AuditBuffet relies on the following third-party services:
These third parties may collect and process data according to their own privacy policies. We encourage you to review them.
We use two categories of client-side storage:
ab_consent entry in your browser's local storage.
To change your analytics preference at any time, clear your browser's storage for this site — the banner will reappear on your next visit.
We retain your personal data as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time (see “Your Rights” below).
Audit submission data is retained indefinitely to support benchmarking and trend analysis. However, submissions are stored anonymously and do not contain personally identifiable information.
You have the right to:
To exercise these rights, please contact us at the address in the “Contact” section below.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date.
Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy or our privacy practices, please contact us at: