Privacy Policy - Commit Bear | Data Protection & Security

Our Privacy Commitment

At Commit Bear, we believe that your code and data should remain private and secure. We've built our service with privacy-first principles, ensuring that your source code never leaves your GitHub environment and your personal information is protected with industry-leading security measures.

Information We Collect

Account Information

Email address (for account creation and communication)
GitHub username and profile information (when you connect your GitHub account)
Organization and repository information (only for repositories where you install our GitHub App)

Usage Information

Pull request metadata (titles, descriptions, commit messages)
Analysis results and generated reports
Usage statistics and feature interactions
Error logs and performance metrics

What We DON'T Collect

Your source code: We never store or transmit your actual code files
Sensitive data: API keys, passwords, or other secrets in your code
Private repository content: File contents remain in your GitHub environment

How We Use Your Information

Service Delivery: To provide AI-powered code analysis and generate reports
Communication: To send you important updates about our service
Improvement: To enhance our AI models and service quality (using anonymized data only)
Support: To provide customer support and troubleshoot issues
Security: To detect and prevent fraud, abuse, and security threats

Data Security & Protection

Code Security

All code analysis happens within GitHub's secure infrastructure
We use GitHub's API with minimal necessary permissions
No source code is ever transmitted to our servers
Analysis results are encrypted in transit and at rest

Data Protection

Industry-standard encryption (TLS 1.3) for all data transmission
Regular security audits and penetration testing
Access controls and authentication for all systems
Data backup and disaster recovery procedures

Data Sharing & Third Parties

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share limited information in these specific circumstances:

Service Providers: Trusted partners who help us operate our service (e.g., cloud hosting, analytics)
Legal Requirements: When required by law or to protect our rights and users
Business Transfers: In the event of a merger, acquisition, or sale of assets

Your Rights & Choices

Access: Request a copy of your personal data
Correction: Update or correct your information
Deletion: Request deletion of your account and data
Portability: Export your data in a machine-readable format
Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@vibecommit.com.

Data Retention

Account information: Retained while your account is active
Analysis results: Retained for 12 months or until account deletion
Usage logs: Retained for 6 months for security and debugging purposes
Marketing data: Retained until you opt-out or request deletion

International Data Transfers

Our services are hosted in secure data centers in the United States. If you're accessing our service from outside the US, your information may be transferred to, stored, and processed in the US. We ensure appropriate safeguards are in place for international transfers.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: privacy@vibecommit.com
General inquiries: hi@vibecommit.com