Privacy Policy

PullLight ("we", "our", "us") operates the PullLight GitHub App and the website at pulllight.io. This Privacy Policy describes what data we collect, how we use it, with whom we share it, how long we retain it, and the rights you have over your data.

1. Who This Policy Covers

This policy applies to:

• GitHub users who install the PullLight GitHub App on their organizations or personal accounts.
• Visitors to pulllight.io, the /analyze demo, and other web properties we operate.
• Email addresses submitted via the waitlist or onboarding flows.

2. Data We Collect

2.1 GitHub App Installation Data

When you install the PullLight GitHub App, GitHub sends us an installation event containing:

• Installation ID — a GitHub-assigned identifier for the App installation.
• Account login and type — your GitHub username or organization name.
• Repository name and owner — limited to the repos you granted access to.
• Installed timestamp — when the installation occurred.

We store this in our installations table.

2.2 Pull Request Data

When a pull request is opened in an installed repository, GitHub delivers a webhook containing:

• PR number, title, description, and metadata (author login, repo, target branch).
• The PR diff — the lines added and changed in the PR.
• File paths touched in the diff.

We also fetch additional file contents on demand (only files referenced in the diff) via the GitHub API to provide accurate review context. We do not clone the repository.

PR data is used to construct the AI analysis payload sent to Claude. The raw diff and file contents are not persisted beyond the analysis session. We store the AI-generated findings (not the raw code) in our pending_reviews and pending_review_comments tables.

2.3 Webhook Event Logs

We log every GitHub webhook delivery in a webhook_events table for audit and debugging purposes. Each log entry includes: delivery ID, event type, repo name, action, whether the signature was valid, processing status, and a SHA-256 hash of the raw payload. We do not store the raw webhook payload body.

2.4 Email Addresses

We collect email addresses when you:

• Submit the waitlist form on pulllight.io.
• Install the GitHub App (your GitHub-provided email is used for onboarding emails, subject to your GitHub email visibility settings).

Email addresses are stored in the waitlist and onboarding_emails tables.

2.5 Billing Data

Payment processing is handled by Stripe. We receive subscription plan name and status from Stripe webhooks. We never receive or store raw payment card numbers, bank details, or full billing addresses — Stripe handles all payment data.

2.6 Analytics and Usage

We use a lightweight first-party analytics beacon (no cookies, no cross-site tracking) to count page visits. The beacon sends a session ID (generated client-side, stored in localStorage) and a page slug to our analytics provider. No personal data is attached.

The /analyze demo logs usage per IP (hashed, not raw) including: repo analyzed, number of findings, tokens consumed, and model used — for rate limiting and product analytics.

3. How We Use Data

• Providing the service — analyzing PRs, delivering review findings, posting approved comments to GitHub.
• Communications — sending onboarding and product update emails to installing users. You can opt out at any time via the unsubscribe link in any email.
• Security — validating webhook signatures, detecting abuse, maintaining audit logs.
• Product improvement — aggregated, anonymized analytics on usage patterns (not code content).
• Billing — tracking subscription status for access control.

We do not use your code or PR data to:

• Train AI models (ours or Anthropic's).
• Target advertising.
• Build profiles for sale to third parties.
• Any purpose other than providing the PullLight service.

4. AI Processing (Claude / Anthropic)

PR diffs and context are sent to Claude (Anthropic's API) for analysis. Key terms:

• We use the commercial Anthropic API, not consumer-facing Claude products.
• Anthropic's commercial API terms exclude customer inputs from training data. Your code is not used to train Claude.
• Anthropic processes data under their own privacy policy. They are listed as a subprocessor in our Data & Security page.
• We do not send personally identifiable information (PII), credentials, or secrets to Claude. Webhook delivery tokens and App credentials are stripped before prompt assembly.

5. Data Sharing

We share data only with the subprocessors necessary to operate the service:

• Anthropic — PR diff and context for AI analysis. No PII, no credentials.
• GitHub — installation data, PR metadata, and approved review comments posted back.
• Render — application hosting. Processes inbound HTTP traffic.
• Neon — PostgreSQL database storage. All data encrypted at rest.
• Postmark — transactional email delivery. Receives email addresses and send status.
• Stripe — billing data. Handles payment processing under their own policies.

We do not sell data to third parties, share data with advertising networks, or disclose data to law enforcement without a valid legal process (except where required by law).

6. Data Retention

• Pending reviews — retained until approved, rejected, or expired (7 days). After approval/rejection, AI findings are retained 30 days for audit, then purged.
• Installation records — retained while the installation is active. Deleted when you uninstall the App (see Section 8).
• Webhook event logs — 30-day rolling retention.
• Email addresses — retained until you request deletion or unsubscribe. Unsubscribing from emails does not delete your installation record, but you can request full deletion separately.
• Billing records — retained as required for financial record-keeping (typically 7 years).

7. Your Rights (GDPR / CCPA)

If you are located in the European Economic Area (EEA), United Kingdom, or California, you have the following rights:

GDPR Rights (EEA / UK)

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — request deletion of your personal data.
• Right to restriction — ask us to pause processing while a dispute is resolved.
• Right to data portability — receive your data in a machine-readable format.
• Right to object — object to processing based on legitimate interest.

CCPA Rights (California)

• Right to know — know what personal information we collect, use, disclose, and sell.
• Right to delete — request deletion of your personal information.
• Right to opt out — opt out of the sale of personal information. We do not sell personal information.
• Right to non-discrimination — we will not discriminate against you for exercising your rights.

To exercise any of these rights, email privacy@pulllight.io. We respond within 30 days.

8. Data Deletion on Uninstall

When you uninstall the PullLight GitHub App from a repository or organization, GitHub sends an installation.deleted webhook event. On receipt:

• Your installation record is marked as uninstalled.
• Pending review sessions for that installation are cancelled.
• Your full data (installation record, associated PR data, review findings) is queued for deletion within 30 days.

To request immediate deletion, email privacy@pulllight.io with your GitHub account or organization name.

9. Security

We apply the following security controls to protect your data:

• All connections use HTTPS / TLS 1.2+.
• GitHub App credentials (PEM, webhook secret) are encrypted at rest with AES-GCM before database storage.
• Every webhook delivery is verified against its HMAC-SHA256 signature before processing.
• Database data is encrypted at rest (Neon).
• Access to production infrastructure is restricted to authorized personnel only.

For detailed technical controls, see our Data & Security page.

10. Cookies and Tracking

We do not use tracking cookies or third-party advertising pixels. The only client-side storage we use is a randomly-generated visitor ID stored in localStorage for first-party analytics. This ID is not linked to any personal information.

11. Children's Privacy

PullLight is a developer tool intended for professional use. We do not knowingly collect personal information from individuals under 16. If you believe we have inadvertently collected data from a minor, contact privacy@pulllight.io and we will delete it promptly.

12. Changes to This Policy

We may update this policy to reflect changes to the service or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact

Privacy questions, data requests, or security disclosures:

• Email: privacy@pulllight.io
• Security: security@pulllight.io