Privacy
Last updated 2026-07-09.
What we collect
- Account data: your GitHub-provided name, email, avatar, and a username you choose, via GitHub OAuth.
- Published content: artifacts, benchmark runs, and profile fields (bio, website) you choose to submit.
- API tokens: stored only as a SHA-256 hash, never in plaintext. The raw token is shown to you once at creation and cannot be retrieved again.
- Basic server logs: request metadata (path, status, timestamp) for operating and securing the service. We do not run third-party analytics or advertising trackers.
What we don't collect
We never see or store your GitHub password, and we do not request write access to your repositories. We do not store QPU-provider or cloud-provider credentials -- that's explicitly out of scope for KetQat.
How it's used
Account data authenticates you and attributes content you publish. Published content is served to visitors per its visibility setting (see Terms). Logs are used for debugging, abuse prevention, and capacity planning, and are not sold or shared with advertisers.
Third parties
Infrastructure is hosted on Google Cloud (Cloud Run, Cloud SQL). Authentication uses GitHub OAuth. Neither receives more than the minimum needed to operate the service.
Your controls
- Revoke any API token at any time in Settings.
- Edit your profile fields, or set artifacts/runs you own to
PRIVATE, at any time. - Request account or data deletion by opening an issue on github.com/ketqat. Public content already reused by others under its license (see Licensing) cannot be retroactively un-shared.
Changes
This policy may change as KetQat grows. Material changes will be reflected here with an updated date.