Privacy Policy

Your code is your intellectual property. We are built to protect it, not exploit it. Transparency is our core value.

Effective Date: February 2, 2026

Last Updated: February 2, 2026

Zero Retention Policy

By default, GitSniff operates on a "process and forget" basis. We analyze your code in volatile memory to generate reviews and discard the raw code immediately after the response is generated. We do not store your source code on our servers.

No Training on User Code

We strictly prohibit the use of your private repositories for training our foundation models. Your proprietary algorithms remain yours. We utilize pre-trained frozen models for inference only.

1. Introduction

This Privacy Policy explains how GitSniff ("we", "us", or "our") collects, uses, and discloses information about you when you access or use our AI-powered code review platform, websites, and related services (collectively, the "Services").

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website homepage or sending you an email notification).

2. Information We Collect

Information You Provide to Us

We collect information you provide directly to us, such as when you create an account, update your profile, connect a repository, or communicate with us. This includes:

  • Account Information: Name, email address, username, and authentication tokens from identity providers (e.g., GitHub, Google).
  • Billing Information: Payment method details (processed via Stripe), billing address, and transaction history.
  • Profile Data: Role, team usage preferences, and custom rules/instructions.

Information We Collect Automatically

  • Usage Data: We track API usage, token consumption, and feature interaction to calculate billing and improve service performance.
  • Device Information: We collect information about the device you use to access our Services, including the hardware model, operating system and version, and unique device identifiers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services, including processing code reviews and generating insights.
  • Process transactions and send you related information, including confirmations and invoices.
  • Send you technical notices, updates, security alerts, and support and administrative messages.
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • Personalize your experience and provide content or features that match your profile (e.g., custom persona settings).

4. Data Retention & Source Code

Source Code: As stated in our highlights, we do not persist your source code. It is transmitted securely to our inference engine, processed in memory, and discarded immediately. We only retain the metadata of the analysis (e.g., "PR #123 scanned", "2 critical issues found") and the generated review comments for your dashboard history.

Account Data: We retain account and billing information for as long as your account is active or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.

5. Security

We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Strict access controls and audit logging for internal staff.
  • Regular security assessments and penetration testing.

6. Third-Party Services

We use the following third-party services to operate GitSniff:

  • Supabase: Database and authentication services. Supabase processes your account information and handles GitHub OAuth authentication. See Supabase Privacy Policy.
  • OpenRouter: AI model gateway that processes your code for analysis. Code is transmitted securely and not retained by OpenRouter or the underlying AI providers. See OpenRouter Privacy Policy.
  • Stripe: Payment processing and billing. Stripe handles all payment card data. We never see or store your full payment card details. See Stripe Privacy Policy.
  • GitHub: Source code access via GitHub App integration. We only request the minimum permissions necessary (repository metadata and pull request access). See GitHub Privacy Statement.
  • Inngest: Background job processing for code analysis workflows. See Inngest Privacy Policy.
  • Vercel: Application hosting and content delivery. See Vercel Privacy Policy.

7. Cookies and Tracking

We use cookies and similar tracking technologies to operate our Services and track activity:

  • Essential Cookies: Required for authentication, security, and core functionality.
  • Analytics: We use privacy-focused analytics to understand how users interact with our platform.
  • Preferences: Store your UI preferences, theme selection, and dashboard settings.

You can control cookies through your browser settings. Note that disabling essential cookies may affect your ability to use certain features of the Services.

8. Your Privacy Rights

GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing of your personal data.
  • Right to Restrict Processing: Request limitation of how we process your data.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

CCPA Rights (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of personal information we have collected from you.
  • Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, please contact us at privacy@gitsniff.ai. We will respond to your request within 30 days.

9. International Data Transfers

GitSniff is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers are located.

For users in the European Economic Area (EEA), UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for the transfer of your personal data.

10. Children's Privacy

GitSniff is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. We will provide information about the nature of the breach, the data affected, and the steps we are taking to address it.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Email: privacy@gitsniff.ai

Data Protection Officer: dpo@gitsniff.ai