Privacy Policy

1. Introduction

PullSight (“PullSight,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through this Privacy Policy (“Policy”). A core element of our mission is safeguarding your personal information and being transparent about what we collect, how we use it, and with whom we share it.

This Policy describes our practices for collecting, using, maintaining, protecting, and disclosing information through https://pullsight.ai and any subdomains (the “Website”), our web application(s) (our “App”), and all software, services, technology platforms, APIs, browser extensions, and related applications we provide (collectively, the “Services”).

Please read this Policy carefully. If you do not agree with it, you should not use the Services. By accessing or using the Services, you agree to this Policy. We may update this Policy from time to time (see 13. Changes to This Policy). Your continued use of the Services after changes become effective constitutes acceptance of the revised Policy.

Controller & Contact Details:
PullSight is provided by Meliora Group LTD, UIC/VAT: BG205795985, address: 46 William Gladstone St., 1000 Sofia, Bulgaria.
Email: privacy@pullsight.ai (privacy matters) | support@pullsight.ai (product support)

2. Information We Collect and How We Collect It

We collect the minimum data necessary to provide and improve the Services.

A. Information You Provide to Us (or We Receive on Your Behalf)

  • Account & Contact Information (Personal Data): Name, email, password (hashed), organization/workspace, role, and preferences collected during sign-up or profile updates.

  • Billing & Payment: Payment card details, billing address, and tax/VAT details may be processed by our payment processors (e.g., Stripe). We do not store full card numbers.

  • Content & Repository Data (Service Data): Depending on integrations you enable (e.g., GitHub, GitLab, Bitbucket, Azure DevOps), we may process metadata about repositories, pull requests/merge requests, diffs, commit messages, code snippets necessary to perform code review analytics, comments, and configuration settings.

  • Support & Communications: Messages, tickets, emails, feedback, surveys, and other communications with us.

  • User Contributions: Posts or messages you choose to share in forums, communities, or public channels. User Contributions may be publicly visible; share personal information there at your own risk.

  • Marketing Preferences: Newsletter sign-ups, webinar registrations, beta programs.

By providing contact details in connection with an activity or service, you acknowledge a business relationship with PullSight and consent to receive communications as permitted by law. See 9. Your Rights and Choices for how to manage preferences.

B. Information Collected Automatically

When you interact with the Website/App, we and our service providers may automatically collect:

  • Usage Data: Pages viewed, buttons clicked, features used, time on page, navigation paths, response times, error logs.

  • Device/Technical Data: IP address, device type, operating system, browser type/version, language, timezone, and similar diagnostics.

  • Approximate Location: Derived from IP (country/region level) to localize content and comply with regional requirements.

  • Non-Identifying Data: Aggregated or de-identified analytics.

We may combine automatically collected data with other information we hold to improve Services, security, and analytics.

C. Cookies and Similar Technologies

We (and partners) use cookies and similar technologies to operate and improve the Services, remember preferences, perform analytics, and measure campaigns.

  • Cookies: Session cookies (expire when you close your browser) and persistent cookies (remain until they expire or you delete them). You can control cookies in your browser; disabling some cookies may limit functionality.

  • Web Beacons/Tracking Pixels: Measure effectiveness of pages/emails and user engagement.

  • Embedded Scripts/SDKs: Improve feature performance and collect interaction data.

D. Information from Third Parties/Integrations

If you connect third-party services, we may receive information from them consistent with your permissions and their policies. Examples include:

  • SCM/Dev Platforms: GitHub, GitLab, Azure DevOps, Bitbucket (e.g., OAuth tokens, username/org, repo/PR metadata/permissions). We do not receive your platform password.

  • Issue/Project Tools: Jira, Linear (issue IDs, titles, statuses, assignees) to enrich code review context.

  • Auth Providers/SSO: Limited profile and email to provision your account.

  • Communities/SNS (e.g., Discord): Depending on your settings, we may receive your handle and workspace linkage.

3. Do Not Track Signals

Some browsers offer “Do Not Track” (DNT). We do not respond to DNT signals. We do not permit third parties to collect your personal information across the Website for their own marketing.

4. Children’s Privacy

The Services are intended for users 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact privacy@pullsight.ai and we will take appropriate steps.

5. How We Use Your Information

We use personal data to:

  • Provide, maintain, and secure your Account and workspace(s).

  • Perform code review analytics and deliver insights, comments, and recommendations you request.

  • Process payments, manage subscriptions, and provide invoicing and tax documentation.

  • Operate, maintain, protect, troubleshoot, and improve the Services (including machine performance, UI/UX, and feature development).

  • Communicate with you (service notices, security alerts, transactional emails); market products and features where permitted (you can opt out).

  • Personalize content, features, and experiences.

  • Detect, prevent, and respond to fraud, abuse, and security incidents.

  • Comply with legal obligations and enforce our terms and policies.

  • Identify PullSight users and attribute usage within organizations.

  • Any purpose disclosed to you at collection or with your consent.

6. Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process personal data on these bases:

  • Contractual Necessity: To provide the Services you request (account, integrations, reviews, billing).

  • Legitimate Interests: Improve and secure the Services; prevent fraud/abuse; product analytics; limited direct B2B marketing; personalization (balanced against your rights).

  • Consent: Where required (e.g., certain cookies/marketing). You may withdraw consent at any time.

  • Legal Obligation: Tax, accounting, compliance, and responding to lawful requests.

7. How We Share Information

We do not sell personal information.

  • Service Providers (Processors): Hosting, infrastructure, databases, logging, analytics, email delivery, customer support, payment processing (e.g., Stripe), subscription management, and security partners. They process data under contracts that include confidentiality and data protection obligations.

  • Integrations You Enable: GitHub, GitLab, Bitbucket, Azure DevOps; Jira; Linear; and similar tools you connect. Their use of your data is governed by their policies and your configuration.

  • Model Providers (for Code Analysis): We may use reputable AI model providers (e.g., OpenAI, Anthropic) to generate code review suggestions under strict controls. Neither PullSight nor these providers use your proprietary code or personal data from reviews to train their models. For open-source (OSS) inputs, we may use data to improve our systems.

  • Corporate Transactions: In a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your data may be transferred as part of the transaction subject to this Policy.

  • Legal/Compliance: To comply with law, court orders, or lawful requests; to protect rights, property, or safety of PullSight, users, or the public; to detect and prevent fraud, abuse, or security issues.

  • With Your Consent: Where you direct us to share or otherwise consent.

If you’d like a current list of core subprocessors, we can provide it or publish it at /subprocessors.

8. Third-Party Websites and Links

The Services may link to third-party sites, tools, or features. We do not control them and are not responsible for their content or privacy practices. Review their policies before providing personal data.

9. Your Rights and Choices

Account & Preferences

  • Access, correct, update, or delete certain information in Account Settings.

  • Contact us at privacy@pullsight.ai for additional requests.

  • Opt out of marketing emails using in-email links (transactional/operational emails may still be sent).

EEA/UK Residents

Under GDPR/UK GDPR, subject to conditions, you may: access, rectify, erase, restrict processing, object to processing (including for direct marketing), and request data portability. You may also lodge a complaint with your local supervisory authority. We will respond within applicable timelines.

Minimum Data for Functionality: Some Services require a minimum of personal data. If you do not provide required data or request deletion, certain features may not function and your account may be deactivated.

California Residents (CCPA/CPRA)

Subject to the CPRA, you may have rights to: know/access, correct, delete, and limit use/disclosure of sensitive personal information, and to not be discriminated against for exercising rights. We do not sell or share personal information for cross-context behavioral advertising. Submit requests to privacy@pullsight.ai. We will verify your identity and, if you use an authorized agent, may require proof of authorization.

10. International Data Transfers

Our primary infrastructure may be located in the European Union and/or the United States (and other regions as we scale). When transferring personal data internationally, we use appropriate safeguards such as:

  • Adequacy decisions (where available),

  • EU Standard Contractual Clauses (SCCs) / UK IDTA/Addendum, and

  • Additional technical and organizational measures.

By using the Services, you acknowledge international transfers as described and as permitted by applicable law.

11. Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration (e.g., access controls, encryption in transit and at rest where applicable, network segregation, logging/monitoring, least-privilege policies). No system is perfectly secure; transmission is at your own risk. You are responsible for maintaining the confidentiality of your credentials. We may notify you of certain security incidents via email or in-product notices, as permitted by law.

12. Data Retention, Storage, and Use of Proprietary Code

We retain personal data only as long as necessary for the purposes described, including:

  • While your account is active and for a reasonable period thereafter,

  • As required by legal, accounting, or reporting obligations,

  • To enforce agreements and resolve disputes.

Service Data (e.g., code/review artifacts):

  • Stored only as needed to provide the Services (e.g., compute a review, show history, analytics), troubleshoot issues, and improve your experience.

  • Proprietary code you submit is not used to train third-party AI models.

  • We may store minimal vector embeddings or metadata to personalize and refine reviews for your organization. You can opt out of such storage by contacting privacy@pullsight.ai; opting out may limit personalization features.

  • For open-source (OSS) inputs, we may use data to improve our systems.

Upon account closure or your deletion request, we will delete or de-identify personal data within a reasonable time, subject to legal holds and backups. Some residual copies may remain in secure backups for a limited retention period.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be indicated by updating the “Last Updated” date above and, where required, we will provide additional notice (e.g., email or prominent in-app notice). Continued use of the Services after the effective date constitutes acceptance.

14. How to Contact Us (and Data Protection Officer)

Questions, requests, or complaints regarding this Policy or your personal data:

  • Email: privacy@pullsight.ai

  • Support: support@pullsight.ai

  • Postal: Meliora Group LTD, 46 William Gladstone St., 1000 Sofia, Bulgaria

If required by law, our Data Protection Officer (DPO) can be reached at dpo@pullsight.ai.