Privacy
The service is a chat interface over GitHub repositories. It packs a repo's source code and lets you ask questions about it. This page describes everything we collect, including the conversations themselves and how we handle GitHub access.
When you sign in with GitHub, we store:
We do not store passwords (sign-in is GitHub OAuth only). We do not run third-party trackers, analytics, or advertising scripts.
Sign-in is handled by our GitHub App. The permissions it requests are read-only: repository Contents and Metadata — enough to read the code of repositories you grant access to, and nothing else (no write access, no issues, no actions, no organization administration).
Plain-English summary: When you chat about a private repo, we read its code, hold it in memory just long enough to answer, and never write that code to our database or cache.
For private repositories, the packed source code is processed in memory only, for the duration of the request, and never stored. The system prompt (which contains the packed code) is rebuilt on every request for private repos rather than persisted, and the packed context is never written to our cache. Only the chat messages and replies are logged, per your consent, and only if you leave logging on.
For public-repo chats, we save the conversation so you can resume it later and so we can debug and improve answers. For each chat we store:
facebook/react) and whether it is private.Anonymous chats (the free messages before signing in): we also log these, attached to a short-lived anonymous cookie. They aren't linked to any account.
Why we log: debugging bad answers, improving the system prompt, and building a per-account history so you can resume past chats. We do not sell or share these logs.
/me/history, click "Turn off logging." Future chats won't be saved server-side. Past chats remain readable until you explicitly delete them.The anonymous chat path includes a Cloudflare Turnstile widget — an invisible bot-detection layer that runs in your browser without storing personal data. Cloudflare's privacy policy applies to that interaction.
For users in the EU/UK, the lawful basis for processing your account and chat data is consent (UK GDPR Art. 6(1)(a) / EU GDPR Art. 6(1)(a)). Consent is given when you sign in and agree to the Terms and chat-logging. You can withdraw it at any time via "Turn off logging" on the history page — see Revoking consent. For a paid subscription, the lawful basis for processing your billing and entitlement data is performance of a contract (Art. 6(1)(b)).
The service is not directed at children under 16. If you believe a child has signed up, email [email protected] and we'll delete the account.
Material changes will be reflected here with the "Updated" date above. Non-material changes (typos, clarifications) are made in place.
BitVibe Labs · [email protected]