Legal

Privacy Policy

Last updated July 1, 2026

This document is a plain-language template provided for convenience — it is not legal advice. Have a qualified attorney review and adapt it (contacts, jurisdiction, specifics) before relying on it.

This Privacy Policy explains how Slovey (“Slovey,” “we,” “us”) collects, uses, and protects information when you use our engineering-memory service (the “Service”). By using the Service you agree to this Policy.

1. Information we collect

  • Account information. When you sign in with GitHub, Google, or email, we receive your name, email address, avatar, and provider user ID.
  • GitHub repository data.With your authorization (via the Slovey GitHub App), we access repositories you connect: pull requests, commits, diffs, review comments, documentation, and code structure — used to build your team’s decision memory.
  • Content you create. Decisions, feedback, settings, and other input you provide in the dashboard.
  • Usage & device data. Log data, IP address, browser type, and pages viewed, for security and to operate the Service.
  • Cookies. We use strictly-necessary cookies for authentication and preferences (e.g. theme). We do not use advertising cookies.

2. How we use information

  • To provide the Service: extract, store, and surface engineering decisions and warnings.
  • To analyze pull requests against your recorded decisions and post results.
  • To authenticate you and secure your account.
  • To communicate about the Service, and to comply with legal obligations.

3. AI processing

To extract decisions and evaluate pull requests, we send relevant repository content (such as diffs, PR text, and documentation) to third-party AI providers acting as our processors. This content is used to generate results for you and is not used by us to train public models. See our subprocessors below.

4. Subprocessors & third parties

We share data with service providers strictly to operate the Service:

  • Supabase — database, authentication, and storage.
  • GitHub — source of repository data and an authentication provider.
  • Google — an authentication provider (Sign in with Google).
  • Google (Gemini) / Anthropic — AI processing of repository content.
  • Render — application hosting.
  • Stripe — payment processing (if/when you subscribe to a paid plan).

We do not sell your personal information. We disclose data only as described here, or when required by law.

5. Data retention

We retain your data for as long as your account is active or as needed to provide the Service. You may disconnect a repository or delete your account at any time; we then delete or de-identify associated data within a reasonable period, except where retention is required by law.

6. Security

We use encryption in transit, access controls, and encryption at rest for sensitive tokens. No method of transmission or storage is perfectly secure, but we work to protect your data using industry-standard measures.

7. Your rights

Depending on your location (e.g. EEA/UK under GDPR, California under CCPA/CPRA), you may have the right to access, correct, delete, or port your data, and to object to or restrict certain processing. To exercise these rights, contact us at privacy@your-domain.example.

8. International transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

10. Changes

We may update this Policy. Material changes will be posted here with a new “Last updated” date.

11. Contact

Questions? Contact us at privacy@your-domain.example.