FAQ

Questions you're definitely about to ask

Do you keep my code? 👀

Nope. We clone your repo into a temporary folder, run the scan, and nuke it — every time, whether the scan succeeds, fails, or times out. Your code never sticks around on our side.

Then why do you need access to my repos?

We can't check what we can't see. The connection lets us pull your code to scan it — that's it. We keep your login connected so you don't have to re-auth on every scan, but the code itself gets deleted the second we're done.

Is this a *real* security audit?

No, and we'd never pretend otherwise. GitRekt is a hygiene scanner — it catches the common, automatable mistakes your AI loves to leave behind, and flags the rest for a human to eyeball. Think smoke detector, not fire marshal.

What do you actually check?

Leaked secrets & API keys, injection bugs, dodgy authentication, sketchy configuration, and vulnerable dependencies. If something looks off but needs a human's judgement, we tell you that too.

Who's "Paddle" on my receipt? 🧾

That's our payment processor (our merchant of record, if you're fancy). The charge says Paddle, not GitRekt — so don't panic and call your bank. It's us.

Is this a sneaky subscription?

No surprise charges, ever. Everything's a one-time payment — pay once, no auto-renew. Unlimited gives you 30 days; when it's up, it just stops. We won't quietly bill you again.