Privacy Policy
Last updated: 29 May 2026
DevReview is a commercial code-review service operated by Andre Sha. You paste a snippet or point it at a GitHub pull request and it streams back an AI-generated review. You can use it anonymously, or sign in to subscribe to a paid plan. This page describes exactly what the service does with what you provide; it reflects the live service, not boilerplate. The legal terms are in our Terms & Conditions.
The short version
- Anonymous reviews need no account; your code/diff is processed to serve the request and is not stored by us.
- To produce a review, the code or diff you submit is sent to Anthropic (the model provider).
- For pull-request reviews, the PR identifier — and a GitHub token if you provide one — is sent to GitHub to fetch the diff.
- A token you enter is used only for that GitHub request. It is never stored, logged, written to your browser, or sent to the model.
- If you sign in (to use a paid plan) we store account data and set a session cookie — see Accounts below. You can delete your account and that data at any time.
- Review outputs are never cached. We use cookieless, aggregate analytics; no advertising or cross-site trackers.
What you submit, and where it goes
Pasted code. When you start a review, your browser sends the pasted text and a detected language label to our server endpoint (/api/review). The server embeds that text in a prompt and streams it to the Anthropic API, relaying the model's findings back to your browser. The submitted text is held only for the duration of the request.
Pull requests. When you submit a GitHub PR URL, the server parses it and requests the unified diff from api.github.com. That diff is then reviewed the same way as pasted code (sent to Anthropic). Large diffs are trimmed to a size budget before review.
GitHub tokens
Public repositories need no token. To review a PR in a private repository, you may supply your own GitHub token. It is held in page memory only (never written to localStorage, sessionStorage, or cookies), sent to our server solely as the Authorization header on the single GitHub diff fetch, and never logged, stored, or sent to the model. The fetch is made with caching disabled.
Accounts
Anonymous use requires no account. If you sign in with Google or GitHub (to subscribe to a Lite or Pro plan), we store:
- your email, display name, and avatar URL from the provider;
- an identifier linking your account to that provider;
- a session record plus a cookie that keeps you signed in;
- your subscription status and per-review usage (model, token counts, and cost) for billing and quota enforcement.
We never receive your Google or GitHub password. You can permanently delete your account and this data at any time from the Account page.
Third parties
Running the service shares data with a few providers, each governed by its own terms and privacy policy:
- Anthropic — receives the code or diff you submit, to generate the review.
- GitHub — receives the PR reference (and your token, if supplied) to return a diff; and your basic profile if you sign in with GitHub.
- Google — your basic profile (email, name, avatar) if you sign in with Google.
- Neon — our database host; stores account, subscription, and usage records.
- Upstash — holds short-lived rate-limit counters keyed by IP (anonymous) or account.
- Stripe — processes payments for paid plans; we never see or store your card details.
Caching and review storage
Review outputs are not cached or stored, and the GitHub diff fetch is marked no-store. For signed-in users we keep only usage metadata — model, token counts, and cost per review — to enforce quotas and billing, never the code or the review text. The trade-off is speed: every review is computed fresh, so it can take a few seconds and identical requests are not served from a cache.
Cookies, analytics, and logs
The only cookie this app sets is the Auth.js session cookie, and only after you sign in. Analytics are provided by Vercel Analytics, which is aggregate and cookieless — no advertising or cross-site tracking.
Note: the hosting provider (Vercel) may record standard operational request logs — IP address, timestamp, response status — as part of serving traffic. That logging is the provider's and is governed by its policies.
Deleting your data
Anonymous use leaves nothing to delete beyond transient rate-limit counters that expire on their own. If you have an account, deleting it from the Account page removes your profile, login connections, session, and subscription record. Any active paid subscription is also cancelled with Stripe and the linked Stripe customer is removed, so billing stops immediately. Usage rows are anonymised. Deletion is immediate and cannot be undone.
Demo mode
Loading the app with ?demo=1 replays a canned, built-in review for screenshots and offline demos. In demo mode no code is sent anywhere — there is no network call to Anthropic or GitHub.
Changes and contact
If the data practices above change, this page will be updated along with the "last updated" date. Questions about this policy can be directed to the project maintainer.
DevReview is operated as a commercial service by Andre Sha (sole trader), Victoria, Australia.