Privacy Policy for GitReviewed

    Last updated: 2025-05-27

    This Privacy Policy describes how GitReviewed ("GitReviewed," "we," "our," or "us") collects, uses, and protects your personal information when you use our website and software services (the "Service"). By using the Service, you agree to the terms of this Privacy Policy.

    1. Information We Collect

    1.1 Account Information

    When you sign up, we collect your name, email address, and billing details (for paid plans).

    1.2 OAuth Permissions

    When you authorize GitReviewed via GitHub, GitLab, or similar platforms, we request access to repositories and pull request metadata strictly as required to operate the Service.

    1.3 Personal Access Token (PAT) for GitHub

    Providing a GitHub Personal Access Token (PAT) is optional. If you do not provide a PAT, you can only review public repositories in read-only mode. For organization repositories, you will need admin approval to post comments. If you choose to provide a PAT, it is used solely to retrieve your pull requests and to post review comments on your behalf. We store your PAT securely using strong AES-256 encryption and strict access controls, and you can revoke it at any time in your GitHub settings.

    1.4 Usage Data

    We collect anonymized usage metrics such as token usage, feature usage, and timestamps to improve service performance and detect abuse. This data is never shared with third parties in a personally identifiable way.

    1.5 Payment Information

    Payments are securely handled by Stripe. We never store your card details. For more on Stripe's data practices, see https://stripe.com/privacy.

    1.6 Cookies

    We use cookies for essential site functions and analytics.

    • Clerk cookies are strictly necessary for authentication and login. These cookies are required for the Service to function and cannot be disabled if you wish to log in or use authenticated features. Clerk cookies do not store personally identifiable information by default. See Clerk's documentation for more details.
    • PostHog cookies are used for analytics to help us understand how you use the product and improve it. These cookies are only set if you accept cookies via our cookie consent banner. If you decline, PostHog operates in cookieless mode (in-memory, no persistent ID, no cross-session tracking). See PostHog cookieless tracking and PostHog persistence docs.
    • You can manage your cookie preferences at any time using the cookie consent banner.
    • Withdrawing Consent: You may withdraw your consent for analytics cookies at any time by updating your preferences in the cookie consent banner.

    2. Legal Basis for Processing

    We process your personal data on the following legal bases:

    • Contract: To provide and maintain the Service as agreed in our Terms of Service.
    • Consent: For analytics cookies and marketing communications, where you have given explicit consent.
    • Legitimate Interest: To improve and secure our Service, prevent abuse, and ensure proper billing and support.

    3. How We Use Your Data

    • To provide and maintain the Service
    • To process payments and manage subscriptions
    • To send essential notifications (e.g., billing, service updates)
    • To improve and optimize the Service
    • To prevent fraud or abuse

    4. Code & Repository Data

    • We never store your source code or diffs.
    • Pull Request data is processed in-memory only and discarded after generating review comments.
    • No code is used for training machine learning models.

    5. Data Sharing

    We do not sell or share your personal data with third parties except:

    • With subprocessors essential to running the Service (e.g. Stripe, Google Gemini, OpenAI, OpenRouter, PostHog and Clerk)
    • When required by law or legal process
    • To investigate abuse, fraud, or violations of our Terms of Service

    6. Data Retention

    We retain account and billing data as long as your account is active or as needed to comply with legal obligations. You may request deletion of your account at any time.

    7. Security

    We use industry-standard security measures including HTTPS encryption, in-memory processing of sensitive data, and strict access controls. All tokens are stored using strong AES-256 encryption and are only accessible to our core systems.

    8. Data Breach Notification

    In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with applicable law.

    9. Your Rights (EU & International Users)

    You may:

    • Access the personal data we hold about you
    • Request corrections or deletion
    • Object to processing or request data portability
    • Restrict processing of your data
    • Withdraw consent at any time (for analytics/marketing cookies)
    • Not be subject to automated decision-making or profiling
    • File a complaint with your local data protection authority (find your authority here)
    • Manage your cookie and analytics preferences at any time using the cookie consent banner

    To exercise these rights, contact us at support@gitreviewed.com.

    10. Data Protection Officer / Contact

    If you have questions about this policy or your data, or wish to exercise your rights, contact our Data Protection Officer (DPO) or privacy team at support@gitreviewed.com.

    11. Automated Decision-Making and Profiling

    We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

    12. Children's Privacy

    Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

    13. International Data Transfers

    Our infrastructure and providers (e.g. Stripe, Google Gemini, OpenAI, OpenRouter, PostHog and Clerk) may store or process data outside your country, including in the United States. We ensure these transfers comply with applicable data protection laws.

    14. Changes to This Policy

    We may update this Privacy Policy. We will notify you of material changes via email or within the Service. Continued use after changes means acceptance.

    15. Contact Us

    Email us at support@gitreviewed.com for any questions or concerns.

    Thanks for using GitReviewed!