Nope. We clone your repo into a temporary folder, run the scan, and nuke it — every time, whether the scan succeeds, fails, or times out. Your code never sticks around on our side.
We can't check what we can't see. The connection lets us pull your code to scan it — that's it. We keep your login connected so you don't have to re-auth on every scan, but the code itself gets deleted the second we're done.
No, and we'd never pretend otherwise. GitRekt is a hygiene scanner — it catches the common, automatable mistakes your AI loves to leave behind, and flags the rest for a human to eyeball. Think smoke detector, not fire marshal.
Leaked secrets & API keys, injection bugs, dodgy authentication, sketchy configuration, and vulnerable dependencies. If something looks off but needs a human's judgement, we tell you that too.
That's our payment processor (our merchant of record, if you're fancy). The charge says Paddle, not GitRekt — so don't panic and call your bank. It's us.
No surprise charges, ever. Everything's a one-time payment — pay once, no auto-renew. Unlimited gives you 30 days; when it's up, it just stops. We won't quietly bill you again.