Privacy Policy

This Privacy Policy explains how AnnitaCode ("we", "us", or "our") collects, uses, and discloses information about you when you access or use our code review platform, websites, and related services (collectively, the "Services").

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website homepage or sending you a notification).

Information You Provide to Us

We collect information you provide directly to us, such as when you create an account, update your profile, connect a repository, or communicate with us. This includes:

• Account Information: Name, email address, username, and authentication tokens from identity providers (e.g., GitHub, Google).
• Billing Information: Payment method details (processed via Stripe), billing address, and transaction history.
• Profile Data: Role, team usage preferences, and custom rules/instructions.

Information We Collect Automatically

• Usage Data: We track API usage, token consumption, and feature interaction to calculate billing and improve service performance.
• Device Information: We collect information about the device you use to access our Services, including the hardware model, operating system and version, and unique device identifiers.

We use the information we collect to:

• Provide, maintain, and improve our Services, including processing code reviews and generating insights.
• Process transactions and send you related information, including confirmations and invoices.
• Send you technical notices, updates, security alerts, and support and administrative messages.
• Detect, investigate, and prevent fraudulent transactions and other illegal activities.
• Personalize your experience and provide content or features that match your profile (e.g., custom persona settings).

Source Code: As stated in our highlights, we do not persist your source code. It is transmitted securely to our inference engine, processed in memory, and discarded immediately. We only retain the metadata of the analysis (e.g., "PR #123 scanned", "2 critical issues found") and the generated review comments for your dashboard history.

Account Data: We retain account and billing information for as long as your account is active or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.

We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. These measures include:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Strict access controls and audit logging for internal staff.
• Regular security assessments and penetration testing.