Privacy Policy
How we protect your engineering intelligence.
No Training
We never use your source code or PR context to train our LLMs or internal models.
Volatile Processing
Code diffs are processed in secure, isolated memory and purged immediately after analysis.
Information Collection
We collect basic account information (name, email) and necessary metadata from your GitHub organization to provide governance insights. We do not collect PII from your codebase unless specifically required for security auditing.
Infrastructure Security
Your data is processed in SOC2-compliant environments. For Enterprise customers, isolated VPC deployments are available to ensure zero data shared outside your organization's perimeter.
Third-Party Sub-processors
We use Polar.sh for billing and secure, isolated LLM providers for our analysis engine. These partners are strictly prohibited from using your data for their own purposes.
Cookies & Tracking
Mergai uses only essential cookies for authentication and session management. We do not use third-party tracking pixels or advertising cookies.
Data Retention
PR analysis reports are retained as long as your account is active to provide historical insights. Upon account deletion, all associated analysis data and organization metadata are permanently purged from our primary databases within 30 days.
Your Rights
You have the right to access, rectify, or delete your personal data. You may also request a copy of the governance data we have collected for your organization by contacting support@gscodes.dev.