Privacy Policy

PrePrice (preprice.app) is operated by Kenan Ali. You can reach us anytime at preprice@kenanali.com. PrePrice is in closed beta as of May 17, 2026; this policy describes the current production data handling.

• We never run it. We do static analysis only — reading file contents and structure. No build steps, no script execution.
• It's wiped in seconds, not hours. The cloned repo lives in a temporary worker filesystem that gets removed in a finally block immediately after the report writes. Uploaded zips are deleted from our storage object the moment extraction finishes. The 24-hour figure you may see elsewhere refers to a backstop cron job that catches orphans; the normal path is seconds.
• You can verify it yourself. Every report ships with a privacy receipt: timestamps for the code-received → code-wiped lifecycle, a SHA-256 of the exact archive (or repo HEAD commit) we analyzed, the byte and file counts, and the name of the RLS policy that prevents anyone else from reading your scan. Download the receipt as JSON for your compliance audit trail.
• It never trains a model. Our AI providers (Anthropic, OpenAI) operate under no-training contract terms for API traffic. Your code is not used to improve any model.
• It's not shared. Only you and PrePrice operators (us) can see your audit. We do not sell, share, or aggregate your code or your audit findings with any third party.

We use cookies for authentication only — the Supabase Auth session cookie that keeps you signed in. We do not use advertising trackers or third-party marketing pixels.

For product analytics we use PostHog. PostHog records page views and button clicks but does not record session replays, keystrokes, or form contents. Events are tied to your account ID after sign-in and anonymized for visitors.

• Supabase — stores your email, audit reports, billing record. Sends auth emails.
• Anthropic + OpenAI — process your code chunks during a scan to generate the audit. No-training terms, deletion within their standard retention windows (30 days for Anthropic, 30 days for OpenAI on the API).
• Vercel — hosts the web app and stores temporary deploy logs.
• Railway — hosts the analysis worker.
• Stripe — handles billing once checkout goes live. We never see or store your card number; only a Stripe customer ID and subscription state.
• PostHog — product analytics as described above.

You can ask us at any time to:

• Show you what we have on you
• Delete your account and every scan + report tied to it
• Export your audit reports as JSON
• Be removed from the beta wait-list

Email preprice@kenanali.com with the request. We'll action it within 30 days (usually faster — beta operations is small).

If you're in the EU/UK you have additional rights under GDPR (right to portability, right to rectification, right to object to processing). We treat every request the same regardless of where you're writing from.

PrePrice is not intended for anyone under 16. If you believe a child has created an account, email us and we'll remove it.

Per-user data is protected by Postgres Row Level Security at the database layer. Magic-link tokens are single-use and expire in 24 hours. The site runs over HTTPS with HSTS preload. Stripe handles all payment data directly; we never see card numbers. Read more in our FAQ.

We'll update this page when meaningful things change (new third-party processors, longer retention, new data categories). The “Last updated” date at the top reflects the most recent change. For material changes that affect existing users, we'll email everyone with an account.

preprice@kenanali.com — fastest way to reach us. We read every email.