← BitVibe Labs Updated 2026-07-04

Privacy

What we collect, why, how to delete it.

The service is a chat interface over GitHub repositories. It packs a repo's source code and lets you ask questions about it. This page describes everything we collect, including the conversations themselves and how we handle GitHub access.

What we store about your account

When you sign in with GitHub, we store:

We do not store passwords (sign-in is GitHub OAuth only). We do not run third-party trackers, analytics, or advertising scripts.

GitHub App access and tokens

Sign-in is handled by our GitHub App. The permissions it requests are read-only: repository Contents and Metadata — enough to read the code of repositories you grant access to, and nothing else (no write access, no issues, no actions, no organization administration).

Private-repo code

Plain-English summary: When you chat about a private repo, we read its code, hold it in memory just long enough to answer, and never write that code to our database or cache.

For private repositories, the packed source code is processed in memory only, for the duration of the request, and never stored. The system prompt (which contains the packed code) is rebuilt on every request for private repos rather than persisted, and the packed context is never written to our cache. Only the chat messages and replies are logged, per your consent, and only if you leave logging on.

Conversation logging

For public-repo chats, we save the conversation so you can resume it later and so we can debug and improve answers. For each chat we store:

Anonymous chats (the free messages before signing in): we also log these, attached to a short-lived anonymous cookie. They aren't linked to any account.

Why we log: debugging bad answers, improving the system prompt, and building a per-account history so you can resume past chats. We do not sell or share these logs.

Revoking consent and deleting chats

Processors we rely on

Bot detection

The anonymous chat path includes a Cloudflare Turnstile widget — an invisible bot-detection layer that runs in your browser without storing personal data. Cloudflare's privacy policy applies to that interaction.

Legal basis

For users in the EU/UK, the lawful basis for processing your account and chat data is consent (UK GDPR Art. 6(1)(a) / EU GDPR Art. 6(1)(a)). Consent is given when you sign in and agree to the Terms and chat-logging. You can withdraw it at any time via "Turn off logging" on the history page — see Revoking consent. For a paid subscription, the lawful basis for processing your billing and entitlement data is performance of a contract (Art. 6(1)(b)).

Children

The service is not directed at children under 16. If you believe a child has signed up, email [email protected] and we'll delete the account.

Changes to this policy

Material changes will be reflected here with the "Updated" date above. Non-material changes (typos, clarifications) are made in place.

Contact

BitVibe Labs · [email protected]