Legal

Privacy Policy

Last updated: June 28, 2025

Outrightly (“we,” “our,” or “us”) operates the Outrightly platform at outrightly.io. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information we collect

Account information. When you register, we collect your email address, name (optional), and a hashed password. If you use OAuth (Google or GitHub), we receive your name and email from the provider.

Stack data. When you add technologies to monitor, we store the package names, versions, and ecosystems you provide. This data is used exclusively to match CVEs and generate alerts for you.

Usage data. We collect basic server logs (IP addresses, request paths, timestamps) for security and operational purposes. We do not use third-party analytics trackers.

Payment data. Billing is handled entirely by Stripe. We do not store credit card numbers or payment details. We receive a Stripe customer ID and subscription status.

How we use your information

We use your information to: provide and operate the Outrightly platform, match CVEs to your registered technologies, send vulnerability alerts via your configured channels (email, Slack, webhook), process payments through Stripe, respond to support inquiries, and improve the service.

We do not sell your data, share it with advertisers, or use it to train AI models.

Data storage and security

Your data is stored on Railway-hosted PostgreSQL servers located in the United States. We use HTTPS for all data transmission. Passwords are hashed using bcrypt and never stored in plaintext. Access to production databases is restricted to essential infrastructure only.

Third-party services

We use the following third-party services to operate the platform:

  • Stripe: payment processing and subscription management
  • Resend: transactional email delivery
  • Railway: database and worker infrastructure hosting
  • Vercel: web application hosting
  • NVD, OSV, CISA KEV: public CVE data sources (no personal data shared)

Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@outrightly.io. Account deletion removes all your stacks, alerts, and personal information from our systems.

Cookies

We use a single session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party cookie services.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify Pro subscribers of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

Questions about this Privacy Policy? Email us at privacy@outrightly.io.