Privacy Policy

CodeIntel (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI code review platform. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Account Information

• Email address (provided during signup or via GitHub OAuth)
• GitHub profile data (username, display name, avatar URL) when you connect GitHub
• Hashed password (for email/password accounts)

Code Review Data

• Code diffs: Temporarily processed for AI review — not stored in our database. Diffs are fetched from GitHub/Azure DevOps at review time and discarded after processing.
• Review findings: AI-generated comments, suggestions, and severity ratings are stored and associated with your account.

Scan Data

• Security scan results and findings (SCA, secret detection)
• Code quality scan results and findings
• Repository scan results and rule suggestions

Usage Data

• Workspace/tenant memberships and roles
• Repository settings and configurations
• Custom rules you create

• AI Code Review: We process code diffs through AI models to generate review findings and suggestions for your pull requests.
• Security Scanning: We analyze repository contents to detect vulnerabilities and exposed secrets.
• Quality Analysis: We run static analysis and custom rules against your code to identify quality issues.
• Account Management: To authenticate you, manage workspace memberships, and provide the service.
• Service Improvement: Aggregated, anonymized analytics (only with your consent) to improve the platform.

• Contract performance: Processing necessary to provide the CodeIntel service you signed up for (Article 6(1)(b)).
• Legitimate interest: Security measures, fraud prevention, and service reliability (Article 6(1)(f)).
• Consent: Analytics and marketing communications, which you can opt in or out of at any time (Article 6(1)(a)).

• Review findings: Stored until you delete them or delete your account.
• Code diffs: Transient — fetched at review time, never persisted in our database.
• Security & quality scan findings: Stored until you delete the scan or your account.
• Account data: Retained while your account is active. Deleted upon account deletion request.
• Archived/soft-deleted items: Retained for 90 days before permanent deletion, unless restored.

Under the GDPR, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data.
• Right to Rectification (Article 16): Request correction of inaccurate data.
• Right to Erasure (Article 17): Request deletion of your account and all associated data.
• Right to Data Portability (Article 20): Export your data in a structured, machine-readable format (JSON).
• Right to Restriction (Article 18): Request restriction of processing in certain circumstances.
• Right to Object (Article 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for analytics and marketing at any time via your account settings.

You can exercise your data portability and erasure rights directly from the Privacy & Data section in your Dashboard Settings.

We use the following third-party services to provide our platform:

• OpenAI: AI models for code review analysis. Code diffs are sent to OpenAI for processing and are subject to OpenAI's Privacy Policy. We use the API with data retention disabled where available.
• GitHub API: To authenticate users, fetch repository data, and post review comments. Subject to GitHub's Privacy Statement.
• Azure DevOps API: For repositories hosted on Azure DevOps, to fetch code and post review comments.

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed with bcrypt (10 salt rounds)
• Database access restricted to application services only
• Session-based authentication with secure, HTTP-only cookies
• Role-based access control within workspaces
• Code diffs are never persisted — processed in-memory and discarded
• Regular security reviews and dependency scanning

We use the following types of cookies:

• Essential cookies: Session authentication cookies required for the service to function. These cannot be disabled.
• Analytics cookies: Used to understand how you interact with the platform (only with your consent).
• Preference cookies: To remember your settings such as selected workspace and UI preferences.

You can manage your cookie preferences through the cookie consent banner or your account settings.

CodeIntel acts as the data controller for personal data collected through the platform. When processing code for AI review, we act as a data processor on behalf of the repository owner.

We maintain Data Processing Agreements (DPAs) with our sub-processors to ensure GDPR compliance throughout the data processing chain.

Your data may be processed in regions outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

CodeIntel is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: privacy@codeintel.dev
• Data Protection Officer: dpo@codeintel.dev

You also have the right to lodge a complaint with your local data protection supervisory authority.