Privacy Policy

How we collect, use, and protect your data.

Last updated: April 10, 2026

Overview

Revvu ("we", "our", or "us") is a GitHub App that provides AI-powered pull request reviews. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

Information We Collect

When you install and use Revvu, we collect the following data:

  • GitHub account information — your username, email address, and avatar, obtained through GitHub OAuth during sign-in.
  • Repository metadata — repository names, organization names, and installation details for repositories where Revvu is installed.
  • Pull request diffs — the code changes in your pull requests. These are processed in memory only and are never persisted to disk or database.
  • Review records — the AI-generated review comments, including file paths, line numbers, and comment text. These are stored to provide review history in your dashboard.

How We Use Your Information

We use your information to:

  • Provide AI-powered code review comments on your pull requests.
  • Maintain your account and authenticate you via GitHub OAuth.
  • Display your review history and repository connections in the dashboard.
  • Improve the quality and accuracy of reviews over time through optional per-repository learning memory.
  • Communicate important service updates, policy changes, or security notices.

Data Storage and Security

Your account information and review records are stored in a PostgreSQL database hosted on Neon, a SOC 2-compliant database provider.

Pull request diffs are never stored. Code changes are processed in memory during the review and discarded immediately after. We do not persist, cache, or log raw source code.

We protect your data through:

  • HTTPS encryption for all data in transit.
  • HMAC-SHA256 signature verification on all incoming GitHub webhook payloads.
  • Environment-level secrets management — API keys and credentials are never hardcoded or exposed to users.

Third-Party Services

Revvu integrates with the following third-party services to provide its functionality:

  • GitHub — OAuth authentication, repository access, and pull request interaction.
  • AI model provider — a third-party large language model routed through OpenRouter processes your code diffs to produce review analysis.
  • Vercel — application hosting and deployment.
  • Neon — managed PostgreSQL database for account data, review records, and per-repository learnings (the lessons the reviewer picks up from your feedback over time). All learnings data stays in our database and is not shared with any third-party memory or learning service.

Data Retention

  • Account data is retained for as long as your account is active.
  • Review records are retained to provide review history and dashboard functionality.
  • Code diffs are never retained — they are processed in memory and discarded immediately.

If you delete your account, we will remove your personal data and review history within 30 days.

Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Deletion — request deletion of your account and associated data.
  • Disconnect — uninstall the Revvu GitHub App from your repositories at any time, immediately stopping all data collection.
  • Export — request an export of your review history data.

To exercise any of these rights, contact us at the email address below.

Children's Privacy

Revvu is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or through a notice on our website at least 30 days before the changes take effect.

Contact

If you have questions about this Privacy Policy or our data practices, please contact us at support@revvu.xyz.