Privacy

Privacy. Plain language.

Last updated: May 6, 2026

workdna is in beta and run by one person (Kunal Mahato). The shorter this page, the more I have actually committed to. I kept it short on purpose.

What workdna collects

There are three classes of data:

  1. Commit metadata you authorize via GitHub OAuth. When you sign in, workdna fetches the commit history (SHA, timestamp, message, file paths, additions / deletions) for the repositories you grant access to. We never read your private repository contents beyond what GitHub returns through the commits API.
  2. Classifications generated from that metadata. workdna sends each commit message and file-path list to Anthropic's Claude API to label it as innovation / maintenance / glue / tech-debt / firefighting. The classifier output (label, confidence, one-sentence rationale) is stored alongside the commit row in our Supabase database.
  3. Contact-form submissions. If you write to me from /#contact, your name, email, and message land in a private Supabase table that I read directly. There is no marketing list. No auto-responder. I reply personally.

What workdna does not do

  • We do not train any model on your data. Anthropic's API has zero data retention for API traffic by default; workdna does not opt in to any training program.
  • We do not sell your data. We do not share it with third parties for advertising, lead generation, or analytics profiling.
  • We do not surface your individual data to anyone else. The team view is aggregate-only by design (see the principles); there is no admin tier that can see "all employees".

Where it lives

workdna runs on Vercel. Application data (commits, classifications, sessions, contact messages) lives in a Supabase Postgres database in a single region. GitHub OAuth tokens are encrypted at rest before being stored. We use Vercel's cookieless Web Analytics for traffic measurement (no third-party trackers, no cross-site cookies).

Subprocessors we depend on

  • Vercel: hosting, edge network, analytics.
  • Supabase: Postgres database for app data.
  • Anthropic: Claude API for commit classification. Zero retention on the API path.
  • Resend: transactional email for the contact form notifications. Used only to deliver the message you sent to me.
  • GitHub: OAuth + commit metadata source.

Your data, your call

At any time you can email me to delete your account and every row associated with it (commits, classifications, contact submissions, sessions). I will confirm and complete the deletion within 24 hours. You can also revoke workdna's GitHub OAuth grant at any time from your GitHub settings page; that immediately stops new data flowing in.

Cookies

workdna sets one session cookie when you sign in (Auth.js). No advertising, fingerprinting, or third-party trackers. If you never sign in, no cookies are set.

Changes to this policy

If we make material changes (new subprocessor, retention change, new data class) I will update this page and bump the "last updated" date above. Material changes that affect existing users will also be sent over email.

Contact

Questions, deletion requests, or a concern about how something is handled? Use the contact form and your message lands directly in my inbox. Replies come from me, not a queue.