Privacy Policy

Argus analyzes your Claude Code sessions to score developer behavior across five axes. Your source code never leaves your machine. Analysis runs locally in a Docker container. Only numeric scores and behavioral summaries are uploaded to YC.

Last updated: March 2026

What the upload script collects

Claude Code transcripts

JSONL files from ~/.claude/projects/. These contain your full conversation history with Claude Code: your prompts, Claude's responses, tool usage records (file reads, edits, bash commands), session metadata, subagent transcripts, and tool result files.

Git repository data (unless --no-repo)

A git archive snapshot of your repository (with the exclusion list below), up to 50,000 commit metadata entries (sha, author, date, subject), 100 recent diffs, merged PR data from the GitHub API, and scc line counts. Total archive capped at 50MB.

Metadata sidecar

Git remote URLs, local directory paths, and PR links extracted from transcripts.

What the script removes before sending

The upload script applies these redaction patterns to all JSONL and JSON files before transmission:

Pattern                         What it catches
sk-ant-*                        Anthropic API keys
sk-*                            OpenAI API keys
AKIA*                           AWS access keys
gh[pousr]_*                     GitHub tokens (PATs, OAuth, fine-grained)
eyJ*.eyJ*.*                     JSON Web Tokens (JWTs)
Bearer *                        Bearer authorization tokens
API_KEY=, SECRET_KEY=, etc.     Environment variable assignments
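
One way to apply patterns like these, as an added example (not the upload script's own code): the regular expressions are assumed readings of the glob-style patterns in the table, the records are constructed, and every credential is fake. It redacts parsed string values rather than raw lines so the JSONL stays valid, and the last record shows a secret that none of the listed patterns covers.

```python
import json
import re
from collections import Counter

# Assumed regex readings of the policy's glob patterns (not the script's own).
# sk-ant-* runs before the broader sk-*; "etc." in the last row is not expanded.
PATTERNS = [
    ("ANTHROPIC_KEY", re.compile(r"\bsk-ant-[A-Za-z0-9_-]+")),
    ("OPENAI_KEY", re.compile(r"\bsk-[A-Za-z0-9_-]+")),
    ("AWS_ACCESS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}")),
    ("GITHUB_TOKEN", re.compile(r"\bgh[pousr]_[A-Za-z0-9]+")),
    ("JWT", re.compile(r"eyJ[\w-]+\.eyJ[\w-]+\.[\w-]+")),
    ("BEARER", re.compile(r"Bearer\s+[\w.~+/-]+=*")),
    ("ENV_ASSIGNMENT", re.compile(r"\b(?:API|SECRET)_KEY=\S+")),
]

def redact_text(text, hits):
    for label, rx in PATTERNS:
        text, n = rx.subn(f"[REDACTED:{label}]", text)
        hits[label] += n
    return text

def redact_value(value, hits):
    # Walk the parsed JSON so a replacement can never break quoting or structure.
    if isinstance(value, str):
        return redact_text(value, hits)
    if isinstance(value, list):
        return [redact_value(v, hits) for v in value]
    if isinstance(value, dict):
        return {k: redact_value(v, hits) for k, v in value.items()}
    return value

def redact_jsonl(lines):
    hits = Counter()
    out = [json.dumps(redact_value(json.loads(l), hits)) for l in lines if l.strip()]
    return out, hits

# Constructed transcript records; field names and all credentials are made up.
SAMPLE = [
    json.dumps({"type": "user", "text": "use key sk-ant-api03-FAKEFAKEFAKE for this task-list"}),
    json.dumps({"type": "tool_result", "output": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nSECRET_KEY=abc123"}),
    json.dumps({"type": "tool_use", "input": {"command": "curl -H 'Authorization: Bearer tok_FAKE123' https://api.example.test"}}),
    json.dumps({"type": "tool_result", "output": "DATABASE_URL=postgres://app:hunter2@db.example.test/prod"}),
]

if __name__ == "__main__":
    cleaned, hits = redact_jsonl(SAMPLE)
    print("\n".join(cleaned))
    print(dict(hits))
```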

Excluded files

Never included in the archive: .env*, *.pem, *.key, credentials*, config/master.key, config/credentials.yml.enc, .secret*, tmp, log

How to limit what you send

--no-repo         Skip bundling git repository data entirely. Only transcripts are included.
--since 2m        Only include sessions from the last 2 months (supports days, weeks, months).
--project NAME    Select a specific project by repository name instead of all projects.

Account data

Email. Used for magic link authentication. Tokens are SHA256-hashed at rest, expire after 15 minutes, and are single-use.

Session cookie. _argus_session, 1-week expiry. HttpOnly, Secure, SameSite=Lax.

API tokens. Used for Docker client authentication. SHA256-hashed at rest. Admins can revoke tokens and set usage limits.

What we generate from your data

  • LLM narratives. High-level behavioral summaries of each session generated by Claude.
  • Behavior scores. Numeric scores across 5 axes: Throughput, Steering, Engineering Quality, Product Thinking, Planning.
  • Decision patterns. Structured records of how you directed the AI during coding sessions.
  • Evidence excerpts. Transcript and commit excerpts with vector embeddings, used for search and analysis.
  • Episode groupings. Sessions grouped into coherent work episodes.
  • Commit group analysis. Git diffs grouped and reviewed by LLM for code quality signals.
  • LLM call logs. Full request/response logs retained temporarily for anti-gaming verification, then scrubbed. After scrubbing, only metadata (token counts, cost, content hash) is retained.

Third-party services

Anthropic Claude API. Transcript text sent for behavioral analysis. Requests are routed through both Anthropic's API and Microsoft Azure. Processes condensed conversation excerpts (not source code files).

Google AI Studio (Gemini). Code evidence and transcript excerpts sent for vector embedding generation. Used for semantic search in the chat feature. No data is stored by Google.

Mailgun. Email delivery only (magic link authentication). We send your email address; Mailgun delivers the message.

Google Fonts. Loaded browser-side. Exposes your IP address and user agent to Google.

Amazon Web Services. Application hosting (ECS Fargate, us-west-2 Oregon). Manages web server, background workers, database (RDS PostgreSQL), Redis (ElastiCache), and file storage (S3).

Sentry. Error tracking in production only. No PII sent. Captures error context, stack traces, and performance samples.

Who can see your results

You. Results pages require login. Only the account that uploaded the data can view the results.

YC admins. Employees with @ycombinator.com email addresses have admin access to all uploads.

Chat conversations. Stored server-side and tied to your upload. Same access rules apply.

Security

  • HTTPS with HSTS enforced on all connections
  • Secure, HttpOnly, SameSite cookies
  • API tokens and magic link tokens SHA256-hashed at rest
  • Rate limiting: 100 requests/hour per IP, 500 LLM calls/day per token
  • Sensitive parameters filtered from server logs
  • CORS restricted to application origin
  • Anti-gaming: 5-layer verification system (HMAC nonces, score re-derivation, anomaly detection)

What we do not collect

  • No analytics services (no Google Analytics, Mixpanel, Segment, Hotjar)
  • No tracking pixels or beacons
  • No browser fingerprinting
  • No cookies beyond the session cookie
  • No third-party ad or marketing trackers
  • localStorage is used client-side only (chat UI state)

Data retention and deletion

Upload data (scores, narratives, metrics) is stored indefinitely. When an upload is deleted, all associated data is cascade-deleted (projects, sessions, episodes, decisions, evidence chunks, chat conversations).

LLM proxy logs are retained temporarily for anti-gaming verification, then scrubbed of prompt content. Metadata (token counts, cost, content hash) is retained permanently.

To request deletion of your data, contact us at the address below.

Contact

Questions about privacy or data handling: oss@ycombinator.com

Full Upload Mode (opt-in)

When you run the upload script with the --full-upload flag, additional debug data is sent to the server alongside the normal scores and summaries. This is intended for debugging pipeline quality and is completely opt-in.

Additional data sent in full upload mode:

  • Raw AI transcript files (your conversations with coding assistants)
  • Condensed/chunked transcript text used for analysis
  • LLM prompts and responses generated during pipeline processing
  • Extracted session events and signals
  • Pipeline execution logs

This data is stored as an encrypted archive in S3, accessible only to YC administrators. Debug archives are automatically deleted after 30 days. Full upload mode defaults to on for YC admin accounts and is opt-in for all other authorized users.

Example: what gets uploaded to YC

Anonymized example of the JSON payload sent from the Docker container. No source code, no file contents, no raw transcripts.

{
  "episode_scores": [
    {
      "title": "Authentication refactor",
      "scores": { "throughput": 7.5, "steering": 8.0, "eng_quality": 7.0, "product_thinking": 6.5, "planning": 7.0 },
      "confidence": "high"
    }
  ],
  "session_summaries": {
    "abc123": "Developer refactored auth middleware across 3 sessions. Started with a clear plan, tested edge cases, caught a regression early..."
  },
  "git_metrics": {
    "velocity": { "loc_per_day": 3200, "commits_per_day": 12 },
    "total_commits": 47,
    "loc_stats": { "test_ratio": 1.2 }
  },
  "slop_data": { "percentage": 0.02, "signals": [] },
  "nonces": ["req_001:a1b2c3d4", "req_002:e5f6g7h8"]
}