This Privacy Policy explains how Slovey (“Slovey,” “we,” “us”) collects, uses, and protects information when you use our engineering-memory service (the “Service”). By using the Service you agree to this Policy.
1. Information we collect
- Account information. When you sign in with GitHub, Google, or email, we receive your name, email address, avatar, and provider user ID.
- GitHub repository data.With your authorization (via the Slovey GitHub App), we access repositories you connect: pull requests, commits, diffs, review comments, documentation, and code structure — used to build your team’s decision memory.
- Content you create. Decisions, feedback, settings, and other input you provide in the dashboard.
- Usage & device data. Log data, IP address, browser type, and pages viewed, for security and to operate the Service.
- Cookies. We use strictly-necessary cookies for authentication and preferences (e.g. theme). We do not use advertising cookies.
2. How we use information
- To provide the Service: extract, store, and surface engineering decisions and warnings.
- To analyze pull requests against your recorded decisions and post results.
- To authenticate you and secure your account.
- To communicate about the Service, and to comply with legal obligations.
3. AI processing
To extract decisions and evaluate pull requests, we send relevant repository content (such as diffs, PR text, and documentation) to third-party AI providers acting as our processors. This content is used to generate results for you and is not used by us to train public models. See our subprocessors below.
4. Subprocessors & third parties
We share data with service providers strictly to operate the Service:
- Supabase — database, authentication, and storage.
- GitHub — source of repository data and an authentication provider.
- Google — an authentication provider (Sign in with Google).
- Google (Gemini) / Anthropic — AI processing of repository content.
- Render — application hosting.
- Stripe — payment processing (if/when you subscribe to a paid plan).
We do not sell your personal information. We disclose data only as described here, or when required by law.
5. Data retention
We retain your data for as long as your account is active or as needed to provide the Service. You may disconnect a repository or delete your account at any time; we then delete or de-identify associated data within a reasonable period, except where retention is required by law.
6. Security
We use encryption in transit, access controls, and encryption at rest for sensitive tokens. No method of transmission or storage is perfectly secure, but we work to protect your data using industry-standard measures.
7. Your rights
Depending on your location (e.g. EEA/UK under GDPR, California under CCPA/CPRA), you may have the right to access, correct, delete, or port your data, and to object to or restrict certain processing. To exercise these rights, contact us at privacy@your-domain.example.
8. International transfers
Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We may update this Policy. Material changes will be posted here with a new “Last updated” date.
11. Contact
Questions? Contact us at privacy@your-domain.example.