Effective 18 April 2026

Privacy Policy

This policy covers CodePulse Reviews (the Slack app, the dashboard at review.codepulsehq.com, and the GitHub App codepulse-review).

The short version

We process your code and Slack messages only to produce the review you asked for. Source code is deleted when each review container exits. We don’t train AI models on your code, and you can delete everything at any time.

Who we are

CodePulse Reviews is operated by Keep Pushing Forward Ltd (trading as “CodePulse”), registered in England & Wales and based in Hampshire, UK. We’re the data controller for the information described below. Questions go to privacy@codepulsehq.com.

What we collect

We only collect what’s needed to deliver the service, reconcile billing, and keep the system safe.

Category | What it is & why we need it
Account & workspace | Slack workspace ID + name, installer’s Slack user ID, bot token. GitHub App installation ID and connected org. Used to authenticate requests and deliver reviews to the right place.
Repository content | During a review we clone the PR’s branch into a short-lived container, send the diff and targeted file context to the AI model, and post the resulting review back to GitHub. Code is not retained after the container exits; the cloned copy is deleted with the container.
Review metadata | PR URL, review outcome, severity-tagged comment counts, review duration, model used, token counts. Retained for billing, quota tracking, and to power your dashboard’s usage charts.
Seat & developer identity | The GitHub login of each PR author we’ve licensed, their assignment/revocation history, and the last date they triggered a review. Used to determine who gets reviews and who gets billed.
Dashboard sign-in | Your GitHub login and the orgs you administer, supplied by GitHub’s OAuth flow. We use this to match you to a workspace and to check admin permissions — not for profiling.
Billing | Stripe customer and subscription IDs, plan, seat quantity, and trial/renewal dates. We don’t see your card number — Stripe holds that directly.
Operational logs | Request IDs, timestamps, error traces, and basic usage counters. Used to debug and to detect abuse. Logs scrub obvious secrets (tokens, keys) on write.

Cookies & similar technologies

We set a signed session cookie once you sign in to the dashboard (HttpOnly, Secure, SameSite=Lax) so we know which workspace you’re viewing. A short-lived CSRF cookie is set on pages with forms. We also use a small set of product-analytics and error-tracking tools on the dashboard and marketing pages to understand how the product is used and to catch bugs; these set cookies or local-storage keys under the codepulsehq.com domain and may send pseudonymised usage data to their providers. You can block these via browser settings or tracking-protection extensions without losing app functionality.

Where your data goes (sub-processors)

We use a small number of external services to run CodePulse Reviews. Every one is covered by a data-processing agreement with appropriate safeguards.

Provider | Purpose
Amazon Web Services | Hosting, storage, and compute (Lambda, Fargate, DynamoDB, EFS, SSM) in the eu-west-1 (Ireland) region.
Anthropic | The Claude model that performs the review. Anthropic does not train on API traffic sent by CodePulse.
OpenAI | Used only when you opt into the Codex provider. OpenAI does not train on API traffic sent by CodePulse.
Slack | Messaging transport and workspace identity.
GitHub | Source of truth for code and the target for posted reviews.
Stripe | Payment processing and subscription management.
Product & error analytics | A small set of analytics and error-monitoring tools (currently including PostHog, Sentry, Google Analytics, and Microsoft Clarity) used to improve the product and catch bugs.

Bring Your Own Key (BYOK)

If you set an Anthropic or OpenAI API key on your workspace, AI traffic routes under your key and billing. CodePulse stores the key encrypted at rest and uses it only to authenticate requests on your behalf; the key is never returned by the dashboard or logged.

AI training

We don’t train any AI model — ours or anyone else’s — on your code, your PR descriptions, or your Slack messages. The API contracts with Anthropic and OpenAI prohibit training on CodePulse traffic.

Retention

  • Source code — deleted when the review container exits (minutes). Not persisted.
  • Review metadata & usage counters — retained while your workspace is active; archived and deleted within 90 days of workspace offboarding.
  • Billing records — kept for 7 years to meet HMRC/VAT obligations.
  • Operational logs — 30 days by default.
  • Backups — rolling 35-day retention on the database.

Your rights

Under UK/EU GDPR you can ask us to: access the data we hold about you, correct it, delete it, export it in a machine-readable form, or restrict how we use it. Workspace admins can self-serve most of this from the dashboard. For anything else, email privacy@codepulsehq.com from the address associated with your account — we’ll respond within 30 days. If you believe we’ve mishandled your data, you can complain to the UK Information Commissioner’s Office (ico.org.uk).

International transfers

Our primary infrastructure is in the EU (AWS eu-west-1). Some sub-processors (Stripe, Anthropic, OpenAI, the analytics tools) are headquartered in the United States; transfers to them rely on the Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

Security

We run on hardened AWS infrastructure with least-privilege IAM, encrypted storage (at rest and in transit), signed session cookies, CSRF protection on every mutating endpoint, and webhook signature verification on every external event. Secrets live in AWS SSM Parameter Store, never in code. Access to production is gated by SSO and reviewed regularly. If you find a security issue, email security@codepulsehq.com.

Changes

If we make material changes to this policy we’ll post the new version here and email workspace admins at least 14 days before the changes take effect. The “Effective” date at the top reflects the current version.