Grasp analyses source code on your machine or fetches repository metadata from the GitHub or GitLab APIs (using your own credentials) to produce dependency graphs, health scores, and architecture diagrams.
None. Grasp does not collect, transmit, store, or process any personal data, usage data, telemetry, analytics, or crash reports. No account is required. No data ever leaves your machine except for the GitHub/GitLab API calls you explicitly initiate using your own token.
When you provide a GitHub Personal Access Token or GitHub App credentials, those credentials are stored only in your browser's localStorage (browser extension / web app) or your IDE's local settings storage (VS Code / JetBrains). They are never transmitted to Ashforde OÜ. API calls go directly from your machine to the GitHub or GitLab API.
The Grasp browser extension (Chrome, Firefox, Safari) injects a button on GitHub and GitLab repository pages. Any token you provide is stored in your browser's localStorage and is only used for direct API calls to GitHub or GitLab. No data is sent to Ashforde OÜ. For self-hosted GitLab instances, host permission is only requested when you explicitly enable it.
The IDE extensions communicate exclusively with the Grasp CLI (grasp-mcp-server) running as a local process on your machine. No network requests are made to Ashforde OÜ.
The grasp-mcp-server npm package runs as a local process. It reads files from your local filesystem or fetches repository data from GitHub/GitLab using credentials you supply. It does not phone home.
Grasp does not integrate with any third-party analytics, advertising, or tracking services.
If this policy changes materially, the effective date above will be updated and a note will appear in the release changelog.
Questions? Email us at contact@ashforde.org