Privacy Policy

1. Data We Collect

• Account data: Email address and name from your Google account via OAuth.
• Repository data: Code diffs from pull requests / merge requests you connect to Revuo.
• Usage data: Review counts, timing, and error logs for service operation.
• Credentials: GitHub/GitLab API tokens and AI provider keys, stored encrypted at rest (AES-256-GCM).

2. How We Use Your Data

• To provide the code review service — diffs are sent to AI providers to generate review findings.
• To send invitation emails when you invite team members.
• To enforce usage quotas and billing.

3. Third-Party Sub-processors

We share code diffs with AI providers to generate reviews. Current sub-processors include:

• Anthropic (Claude API) — for AI-powered code analysis
• OpenAI — optional AI provider
• Google (Gemini) — optional AI provider
• Resend — for transactional emails
• Render.com — infrastructure hosting
• Stripe — payment processing

4. Data Retention

Review findings are retained while your account is active. When you delete your account, your personal data, review history, and stored credentials are permanently deleted. We retain a record of deleted emails for security purposes (to prevent re-registration abuse).

5. Your Rights (GDPR / CCPA)

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (right to erasure)
• Data portability
• Object to processing

To exercise these rights, delete your account from Settings → Account, or contact [email protected]

6. Security

We use AES-256-GCM encryption for all stored credentials. Connections use TLS. Access to production systems is limited to authorized personnel.

7. Cookies

We use a single HttpOnly session cookie for authentication. No third-party tracking cookies are used.

8. Contact

For privacy inquiries: [email protected]