Privacy Policy

Overview

Nark (“we”, “us”, “our”) is a code analysis tool that scans TypeScript projects for unhandled package behaviors. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

How Nark Works

Nark operates as a local-first CLI tool. When you run npx nark, the scan runs entirely on your machine or CI environment. Your source code is never uploaded to our servers.

Nark compares your code against our open-source Nark Profile library to identify unhandled failure modes. The analysis happens locally — we do not have access to your repository contents, file structures, or source code at any point during a scan.

Data We Collect

CLI Data Streams

Running npx nark sends two streams of data over the network by default:

• Anonymous scan telemetry: which packages were scanned and their installed versions, violation counts per package, an anonymous device ID, a SHA-256 hash of your git remote URL (never the URL itself), and scan duration / Node version / OS. No source code, file paths, function names, or environment variables are sent.
• Crash reports via Sentry:unexpected error stack traces, with your home directory and file paths scrubbed before transmission. Sampled at 25%. Hosted on Sentry's US infrastructure with 30-day retention.

Both streams are opt-out, not opt-in. Disable them with nark telemetry off, NARK_TELEMETRY=off, or DO_NOT_TRACK=1 (the last also disables Sentry). See our Telemetry page for the full data disclosure, scrubbing rules, and opt-out details.

Cloud Dashboard Account

When you sign in via nark auth login or set NARK_TOKEN, the same scan telemetry events described above are tagged with your Bearer token so they can be attributed to your organization. No additional data is sent that was not already sent in the anonymous case.

Website & Account Data

When you create a Nark Cloud account, we collect:

• Email address (for account creation and communication)
• Authentication credentials (managed via our auth provider)
• Billing information (processed by Stripe; we do not store card numbers)

How We Use Your Data

• To provide the Nark Cloud dashboard and display scan trends
• To send account-related emails (welcome, billing, security alerts)
• To improve the product based on aggregate, anonymized usage patterns

We do not sell your data to third parties. We do not use your data for advertising. We do not share individual scan results with anyone outside your organization.

Data Storage & Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Our infrastructure is hosted on reputable cloud providers with SOC 2 compliance. Access to production data is restricted to essential personnel only.

Data Retention

Scan telemetry data is retained for the duration of your subscription. If you cancel your account, telemetry data is deleted within 30 days. Account data (email, billing history) is retained as required by law.

Your Rights

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Export your scan telemetry data
• Opt out of non-essential communications

To exercise any of these rights, contact us at hello@nark.sh.

Cookies

Our marketing website (nark.sh) uses minimal, essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.

Third-Party Services

We use the following third-party services:

• Stripe — payment processing
• Vercel — website hosting
• Sentry — crash reporting (US region, 30-day retention; see /telemetry for scrubbing details)

Each provider has their own privacy policy governing how they handle data.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or our data practices, contact us at hello@nark.sh.