Back to Home
PRIVACY POLICY

Privacy Policy

Last updated: January 15, 2024

1. Data Collection

Covalynce collects minimal data necessary to provide our service:

  • Account Information: Email address, name, and profile picture (from OAuth providers)
  • OAuth Tokens: Encrypted tokens for third-party integrations (GitHub, Twitter, LinkedIn, etc.)
  • Generated Content: Content drafts created by our service (which you can delete at any time)
  • Usage Metrics: API calls, generations created, integrations connected (for service improvement)
  • Webhook Data: Event payloads received from connected services (processed ephemerally)

We do NOT collect: Your source code, repository contents, proprietary information, or any data beyond what's necessary for the service to function.

2. Zero Data Retention

Covalynce uses an ephemeral processing model. When you trigger a content generation:

  1. We receive your code diff via webhook (GitHub, Jira, Linear)
  2. We analyze it in memory (never written to disk)
  3. We generate content using LLM APIs (OpenAI, Anthropic)
  4. We immediately discard the code diff from memory
  5. Only the generated content draft is stored (until you delete it)
Processing Timeline:
Webhook received → Analysis (RAM) → LLM call → Diff discarded → Draft stored
Total time in memory: < 5 seconds

3. Data Usage

We use your data solely to:

  • Service Provision: Generate content, manage integrations, and deliver notifications
  • Service Improvement: Analyze usage patterns to improve our algorithms and features
  • Communication: Send service-related notifications (generation ready, integration updates)
  • Legal Compliance: Comply with legal obligations and respond to lawful requests

We never: Sell your data, use it for advertising, share it with third parties (except as necessary for service provision), or use it to train models beyond content generation.

4. Your Rights

Under GDPR, CCPA, and other privacy laws, you have the right to:

Access

Request a copy of all personal data we hold about you

Correction

Correct inaccurate or incomplete data

Deletion

Delete your account and all associated data (permanent and immediate)

Portability

Export your data in a machine-readable format (JSON)

Opt-Out

Opt-out of non-essential data processing (analytics, marketing emails)

To exercise these rights, contact us at privacy@covalynce.com. We will respond within 30 days.

5. Third-Party Services

Covalynce integrates with third-party services. Your use of these services is subject to their respective privacy policies:

OAuth Providers

GitHub, Twitter, LinkedIn - We only receive OAuth tokens, not your full account data

LLM Providers

OpenAI, Anthropic - Code diffs are sent for analysis only. They do not store your code.

Hosting & Infrastructure

AWS - All data is encrypted at rest and in transit. AWS cannot access your data.

We only share data necessary for the integration to function. We do not allow third parties to use your data for their own purposes.

6. Data Retention

Generated Content

Stored until you delete it. No automatic expiration.

Account Data

Retained while your account is active. Deleted immediately upon account deletion.

Usage Metrics

Aggregated metrics retained for 2 years for service improvement. No personal identifiers.

Code Diffs

Never stored. Processed ephemerally and immediately discarded.

7. Children's Privacy

Covalynce is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. Contact

For privacy-related questions, concerns, or to exercise your rights, contact us at:

Email:
privacy@covalynce.com
Data Protection Officer:
dpo@covalynce.com

We respond to all privacy inquiries within 30 days as required by GDPR and CCPA.