Privacy Policy

Information We Collect

We may collect information in the following ways:

Personal information

• — When you register, we collect personal information such as your name, email address, and GitHub account information.
• — We store pull request diffs for analysis purposes. Full file contents are not stored in our database, but may be fetched on-demand from GitHub and transmitted to our AI provider during a review session to provide context-aware suggestions.

GitHub data

• — When you connect your GitHub account, we may access basic profile information and repositories you grant us permission to.
• — We do not modify or push changes to your repositories. Pull request diffs are stored for analysis. During a review, the AI may request full file contents from GitHub via the API; those file contents are processed in-memory and are not stored in our database.

Automatically collected

• — When you access our service, we may collect device and usage data including IP address, browser type, operating system, and activity logs.
• — We use Google Analytics 4 to collect anonymous usage data. This includes a browser cookie (_ga) that contains a randomly generated client ID used to distinguish users. No personally identifiable information is sent to Google Analytics.

How We Use Your Information

We use the information we collect to:

• — Provide and improve the service — to process requests, manage accounts, and ensure the service functions as intended.
• — Analyze code quality — using pull request diffs, we process data through our AI model to generate feedback.
• — Communicate — we may send administrative or service-related communications.

Sharing of Information

We do not sell, rent, or lease your personal information. We may share data in the following cases:

• — OpenAI — pull request diffs and, where required for analysis, file contents fetched from GitHub are sent to OpenAI to generate code review feedback.
• — Stripe — payment information is processed by Stripe. We do not store payment card details on our servers.
• — Mailtrap — transactional emails (e.g. notifications, account communications) are delivered via Mailtrap, which receives your email address and the content of those emails.
• — Google Analytics — anonymous usage events and a browser-based client ID are sent to Google Analytics 4 to help us understand how the service is used.
• — Sentry — error and exception data, which may include request context, is sent to Sentry for operational monitoring and debugging.
• — Compliance with laws — we may disclose information if required by law or to protect our legal rights.

AI Data Processing

Our AI model, currently provided by OpenAI, processes pull request diffs from your repositories. During a review session the AI may also request full file contents from your repository via the GitHub API in order to provide accurate, context-aware suggestions. Those file contents are transmitted to OpenAI as part of the review conversation and are processed in-memory; they are not stored in our database. By using the service, you agree to OpenAI's Terms of Use and Privacy Policy.

Analytics & Tracking

We use Google Analytics 4 to understand how visitors use the service. The following data may be collected:

• — Pages visited, navigation paths, and time spent on pages.
• — Anonymised account lifecycle events such as account creation.
• — A browser cookie (_ga) containing a randomly generated client ID used solely to distinguish unique sessions. This ID does not identify you personally.

You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on or by adjusting your browser's cookie settings.

Data Security

We implement industry-standard security measures to protect your personal information. No security system is completely impenetrable, and we cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your credentials.

Retention of Data

We retain your data as follows:

• — Account data (name, email, GitHub profile) — retained for the duration of your account and deleted upon verified account deletion request.
• — Pull request diffs, generated reviews, and review comments — retained indefinitely to support history and analytics features. You may request deletion by contacting us.
• — GitHub API request logs — retained for operational and security purposes. These logs may contain response payloads from GitHub API calls made on your behalf.
• — Payment records — retained as required by applicable financial and tax regulations.

Your Data Rights

Depending on your location, you may have the following rights regarding your personal data:

• — Access — you can request a copy of the data we hold about you.
• — Correction — you may ask us to correct inaccurate or incomplete information.
• — Deletion — you may request that we delete your personal data, subject to certain exceptions.
• — Objection — you can object to the processing of your personal data under certain circumstances.

To exercise these rights, contact us at [email protected].

Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of such sites. Please review the privacy policies of those third parties before providing personal information.

Children's Privacy

Our service is not intended for individuals under 18. We do not knowingly collect personal data from children. If we discover we have inadvertently collected data from a child under 18, we will take steps to delete it.

Changes to This Policy

We may update this policy from time to time. If we make changes, we will notify you by updating the effective date at the top of this policy and may provide additional notice via the homepage or email.

Contact

Questions about this policy? Reach us at [email protected].