Privacy First

Privacy Policy

Last updated: February 1, 2026

Metadata Only

We only fetch commit messages, PR titles, and ticket names, never your actual source code.

No Code Storage

We never store code in our database. Your repositories remain private.

Transparent Processing

Enterprise AI Code Review is opt-in and processes diffs in memory only.

Encrypted Tokens

All integration credentials are encrypted at rest using industry standards.

1

Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Profile picture (optional)
  • Authentication credentials (hashed passwords or OAuth tokens)

1.2 Activity Data (From Integrations)

When you connect integrations, we fetch metadata only:

Version Control (GitHub, GitLab, Bitbucket)

Commit messages, PR/MR titles, branch names, timestamps. We do NOT fetch code diffs by default.

Ticket Systems (Trello, Jira, Asana, etc.)

Ticket titles, status changes, assignments, timestamps.

Communication (Slack, Discord, Teams)

We only send messages; we do not read your conversations.

Calendar (Google, Outlook)

Meeting titles and times for accepted events only. Private meetings are shown as "Busy".

1.3 Usage Data

We collect anonymous usage statistics to improve the Service:

  • Pages visited and features used
  • Error logs (without personal data)
  • Device and browser information
2

How We Use Your Information

We use collected information to:

  • Generate and deliver automated standup reports
  • Provide AI-powered summaries (Pro plan and above)
  • Send notifications about your activity
  • Improve and maintain the Service
  • Communicate important updates and support
3

Code Review Feature (Enterprise Only)

Important: Explicit Opt-In Required

The AI Code Review feature requires explicit opt-in consent. When enabled, code diffs are temporarily processed in memory for analysis and are never stored in our database. This feature is available only on Enterprise plans.

4

Data Storage and Security

  • Database: We use Supabase (PostgreSQL) with row-level security
  • Token Encryption: All integration tokens are encrypted at rest
  • Transport Security: All data is transmitted over HTTPS/TLS
  • Access Control: Role-based access ensures users only see appropriate data
  • MFA: Multi-factor authentication is available for all accounts
5

Data Retention

  • Activity History: Free plans retain 7 days; paid plans retain unlimited history
  • Account Data: Retained until you delete your account
  • Deleted Accounts: Data is permanently removed within 30 days
6

Data Sharing

We do not sell your data. We may share data with:

  • Service Providers: Essential services (hosting, email, AI processing) under strict contracts
  • Your Team: Activity is visible to team members based on role permissions
  • Legal Requirements: If required by law or to protect our rights
7

Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Withdraw Consent: Disconnect integrations at any time
8

Cookies and Analytics

We use essential cookies for authentication and session management. We do not use tracking cookies for advertising purposes.

Google Analytics

If you accept all cookies via our cookie consent banner, we use Google Analytics to collect anonymous usage data. This helps us understand how visitors use our site and improve the experience. Google Analytics data is anonymized (IP anonymization is enabled) and is not used for advertising. You can opt out at any time by clearing your cookies and selecting "Necessary Only" on your next visit.

9

International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

10

Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.

11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service.

12

Contact Us

For privacy-related inquiries or to exercise your rights, contact us at support@zerostandup.com.