Legal

Privacy Policy

We built PulsePR with a data-minimization philosophy. This policy explains exactly what we collect, why, and how long we keep it.

Effective date: June 1, 2025  ·  Last updated: June 1, 2025

The short version: We only touch the diff of the specific PR you tag with @pulsepr. We never clone your repo, never store source code, and never share your data with third parties for advertising.

1. Who We Are

PulsePR ("PulsePR," "we," "us," or "our") is a code review service that connects engineering teams with Staff-level reviewers through the GitHub pull request workflow. Our registered business address and data controller contact is: [email protected].

2. Information We Collect

2.1 Account and billing information

When you sign up, we collect your name, work email address, company name, and billing details (processed by our payment processor — we do not store raw card numbers). For Enterprise clients, we may also collect a billing address and tax identification number.

2.2 GitHub integration data

When you install the PulsePR GitHub App, GitHub provides us with:

  • Your GitHub username and organization membership
  • The diff (changed lines) of any PR where @pulsepr is mentioned
  • PR metadata: title, description, author, repository name, target branch, and label

We request the minimum permissions required: read access to pull request diffs on tagged PRs only. We do not request access to your repository contents, issues, wikis, secrets, or any other data.

2.3 Review communications

Review comments posted by our reviewers in the GitHub PR thread are stored in our system for dashboard reporting purposes. These comments contain no source code — only the reviewer's written feedback.

2.4 Usage and analytics data

We collect standard server logs (IP address, request timestamps, browser/client type) and aggregate product analytics (e.g., number of reviews requested per month, response times). We do not use third-party behavioral tracking scripts.

2.5 Communications with us

If you contact us by email or through our waitlist form, we retain that correspondence to respond to your inquiry and improve our service.

3. How We Use Your Information

  • To provide the service: matching PRs to qualified reviewers, delivering review feedback, and posting comments to GitHub.
  • To operate your dashboard: generating technical debt metrics, review history, and velocity reports.
  • To communicate with you: sending review status updates, billing receipts, and service announcements. You can opt out of non-transactional emails at any time.
  • To improve the product: analyzing aggregate, anonymized usage patterns. We never train machine learning models on your PR content.
  • For legal and security purposes: complying with legal obligations, resolving disputes, and enforcing our agreements.

4. Data Retention

We retain PR diff data only for the duration of the active review engagement. Once a review is marked complete, the raw diff is deleted within 72 hours. Review comments (the reviewer's written feedback, not code) are retained for the lifetime of your subscription to power your dashboard. You may request earlier deletion at any time.

Account and billing records are retained for 7 years as required by financial regulations. Server logs are retained for 90 days.

5. Sharing and Disclosure

We do not sell your data. We share information only in the following limited circumstances:

  • With reviewers: reviewers are shown only the specific PR diff they are assigned. They cannot access other PRs, your repository, or your organization's data. All reviewers are bound by a confidentiality agreement that covers your NDA terms.
  • With service providers: we use a small number of third-party services for infrastructure (hosting, payments, email delivery). These providers process data only on our behalf and under strict data processing agreements.
  • For legal compliance: if required by law, court order, or to protect the rights, property, or safety of PulsePR, our users, or the public.
  • In a business transfer: if PulsePR is acquired or merges with another entity, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

6. Security

We implement security measures appropriate to the sensitivity of the data we handle. Key practices include: TLS encryption in transit, encryption at rest for stored review content, role-based access controls, reviewer access scoped to individual PR assignments, and regular security reviews. Because we do not store your source code, our attack surface is substantially smaller than typical SaaS products.

To report a security vulnerability, see our Security Policy.

7. Your Rights

Depending on your location, you may have rights including: access to your personal data, correction of inaccurate data, deletion of your data, restriction of processing, and data portability. To exercise any of these rights, email [email protected]. We will respond within 30 days.

If you are located in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority.

8. Cookies

Our marketing website uses minimal cookies: a session cookie for authentication and an anonymous analytics cookie. We do not use third-party advertising or retargeting cookies. You can disable cookies in your browser settings without affecting the core review service.

9. Children

PulsePR is not directed at individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify active customers by email at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

Questions about this policy or your data: [email protected].