Privacy Policy

Last updated: April 2026

Korext Open Source (oss.korext.com) is operated by Korext. This policy explains how we handle data on this site.

Summary

We use Google Analytics to understand how visitors use this site. Analytics cookies are loaded only after you consent. We collect personal data through forms only when you voluntarily submit it. We do not sell your data.

Cookies

Analytics (requires your consent)

We use Google Analytics to measure site usage. These cookies are set only if you accept analytics cookies in the consent banner.

_ga2 years

Provider: Google

Purpose: Distinguishes unique visitors

_gid24 hours

Provider: Google

Purpose: Distinguishes unique visitors

_gat1 minute

Provider: Google

Purpose: Limits request rate

Google Analytics is configured with IP anonymization enabled. Your IP address is truncated before being sent to Google.

You can withdraw consent at any time by clicking Cookie Preferences in the site footer.

Necessary

No cookies are set for basic site functionality. Server logs are maintained for security.

Marketing

We do not currently use marketing or advertising cookies.

What We Collect

Server Logs

Our hosting infrastructure automatically records:

  • IP addresses
  • Browser user agent strings
  • Pages requested
  • Timestamps
  • HTTP status codes

This data is used for security monitoring, abuse prevention, and infrastructure operations. It is retained for 30 days and then deleted.

Legal basis: legitimate interest in maintaining site security and availability.

Voluntary Submissions

When you submit data through forms on this site (incident reports, regression patterns, notification subscriptions), we collect the data you provide. This may include:

  • Name (optional)
  • Email address (optional or required depending on the form)
  • Organization (optional)
  • Technical content (code patterns, incident descriptions)

This data is used to operate the registries and notification services you signed up for.

Legal basis: consent (you chose to submit the data).

Badge and Report Requests

When you use the badge generator or view a report page, we fetch data from public GitHub repositories on your behalf. We do not store which repositories you looked up.

What We Do Not Collect

  • Advertising identifiers (none)
  • Location data beyond IP address (none)
  • Browsing history (none)
  • Cross-site tracking (none)
  • Device fingerprints (none)

Consent Management

Change your cookie preferences at any time by clicking Cookie Preferences in the site footer.

When you enable analytics

Google Analytics loads and begins collecting anonymized data.

When you disable analytics

Google Analytics cookies are deleted and the page reloads to unload the tracking script.

Your preference is stored in your browser localStorage (not a cookie). It is not sent to our servers.

Third Party Services

Google Cloud

This site is hosted on Google Cloud Run. Google's infrastructure processes server logs as described above.

Google Analytics

Processes anonymized usage data. IP anonymization enabled. Data processed in the United States. Google operates under Standard Contractual Clauses for EU data transfers.

Google privacy policy: policies.google.com/privacy

GitHub

We fetch data from GitHub's public API to render badges and reports. GitHub's privacy policy applies to data stored on GitHub.

Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing based on legitimate interest
  • Withdraw consent for voluntary submissions
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at maintainers@korext.com.

Data Retention

Server logs30 days
Analytics data14 months (Google Analytics default retention)
Incident submissionsRetained as long as published in the registry (redaction available on request)
Regression submissionsSame as incident submissions
Notification subscriptionsUntil you unsubscribe
Badge/report requestsNot stored

Data Transfers

Server logs are processed by Google Cloud in the United States. If you are in the European Economic Area, this constitutes a transfer outside the EEA. Google Cloud operates under Standard Contractual Clauses for such transfers.

Google Analytics data is processed in the United States. Google operates under Standard Contractual Clauses approved by the European Commission.

Data Security

All connections use HTTPS. Security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) are applied to all responses.

Children

This site is not directed at children under 16. We do not knowingly collect data from children.

Changes

We may update this policy. Changes are posted on this page with an updated date. If changes are material, we will update the consent banner version so it reappears for existing visitors.

Contact

For privacy inquiries: maintainers@korext.com

Korext

San Francisco Bay Area

United States

← Back to home