Privacy Policy
Last updated: January 5, 2026 · Effective: January 5, 2026
1. Introduction
Git AutoReview ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our VS Code extension and related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.
Data Controller: Git AutoReview operates as the data controller for personal information collected through our website and licensing system. For code review processing, you remain the data controller, and we act as a data processor following your instructions.
2. Information We Collect
2.1 Account Information
When you purchase a license or create an account, we collect:
- Email address (for license delivery and support)
- License key (generated unique identifier)
- Payment information (processed by our payment provider, not stored by us)
2.2 Usage Data
To provide and improve our Service, we collect aggregated, non-identifying usage data:
- Number of code reviews performed (count only, not content)
- Repository names (for usage analytics, optional)
- Feature usage patterns (which AI models selected, etc.)
- Error logs (for debugging, without code content)
2.3 Technical Data
When you visit our website or use our Service, we may automatically collect:
- IP address (anonymized for analytics)
- Browser type and version
- Operating system
- VS Code version
- Extension version
3. Information We Do NOT Collect
We explicitly do NOT collect, store, or process:
- Your Source Code: Code is processed locally in VS Code and sent directly to AI providers. We never see, store, or have access to your code.
- Your API Keys: When using BYOK (Bring Your Own Key), your API keys are stored locally in VS Code's SecretStorage. We never transmit or access your keys.
- Bitbucket/Git Credentials: Your Bitbucket API tokens are stored locally in VS Code's SecretStorage and used only for direct API calls to Bitbucket.
- AI Review Results: Review comments and suggestions are stored locally in VS Code and published directly to Bitbucket. We do not retain copies.
4. How We Use Information
We use the information we collect for the following purposes:
- License Management: To validate your license and enforce usage limits
- Service Provision: To provide, maintain, and improve our Service
- Usage Analytics: To understand how our Service is used and identify improvements
- Customer Support: To respond to your inquiries and provide technical support
- Communication: To send important updates about the Service (you can opt out)
- Legal Compliance: To comply with applicable laws and regulations
Legal Basis (GDPR): We process your data based on: (a) contract performance (license agreement), (b) legitimate interests (service improvement, security), and (c) your consent where required.
5. Third-Party Services
5.1 AI Model Providers
When you perform a code review, your code is sent directly from your VS Code instance to the AI provider you select. We support:
- Anthropic (Claude): Subject to Anthropic's Privacy Policy. API data is not used for training.
- Google (Gemini): Subject to Google's Privacy Policy. API data is not used for training when using paid API.
- OpenAI (GPT): Subject to OpenAI's Privacy Policy. API data is not used for training by default.
Important: When using BYOK (your own API keys), you are directly contracting with the AI provider. Please review their privacy policies and terms of service. We recommend using API keys with zero data retention options where available.
5.2 Infrastructure Providers
- Supabase: Hosts our license validation and usage tracking backend. Located in the EU. Subject to Supabase Privacy Policy.
- Render: Hosts our website and web services. Subject to Render Privacy Policy.
- Whop: Processes payments and license distribution. Subject to Whop Privacy Policy.
5.3 Analytics
- Google Analytics: For website analytics (anonymized IP). You can opt out using browser extensions.
- Microsoft Clarity: For session recordings and heatmaps (no personal data captured).
6. Data Retention
We retain your data only as long as necessary for the purposes described:
| Data Type | Retention Period |
|---|---|
| Source Code | Not stored — processed in memory only |
| API Keys (BYOK) | Not stored by us — local VS Code storage only |
| Account Information | Until account deletion + 30 days |
| Usage Statistics | 90 days (aggregated, anonymized) |
| Payment Records | As required by law (typically 7 years) |
| Support Communications | 2 years after last contact |
7. Your Rights
7.1 GDPR Rights (EU/EEA/UK)
If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
7.2 CCPA/CPRA Rights (California)
If you are a California resident, you have the following rights:
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
7.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@gitautoreview.com. We will respond within 30 days (or as required by applicable law).
We may need to verify your identity before processing your request. You will not be charged a fee for exercising your rights.
8. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: All data in transit uses TLS 1.3 encryption
- Local Storage: Sensitive data (API keys, credentials) stored in VS Code SecretStorage
- Access Control: Strict role-based access to our systems
- No Code Storage: We never store your source code on our servers
- Regular Audits: Periodic security reviews and updates
- Incident Response: Documented procedures for security incidents
While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@gitautoreview.com.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- Our primary infrastructure (Supabase) is hosted in the EU
- AI providers may process data in the US under their respective data protection agreements
- We rely on Standard Contractual Clauses (SCCs) for transfers outside the EU/EEA
- When using BYOK, data flows directly to your chosen AI provider per their policies
10. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gitautoreview.com, and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date at the top
- Sending an email notification for significant changes (if you have an account)
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@gitautoreview.com
General Support: support@gitautoreview.com
Security Issues: security@gitautoreview.com
Disclaimer
Git AutoReview provides AI-generated code review suggestions "as is" without warranties of any kind. AI suggestions are for informational purposes only and should not be considered as professional advice. You are solely responsible for:
- Reviewing and validating all AI-generated suggestions before implementation
- Ensuring your code complies with applicable laws and regulations
- Managing your own API keys and credentials securely
- Complying with your organization's security policies