Overview

Callstack PR Reviewer prioritizes the security and confidentiality of your code. This document outlines our approach to data protection during automated code reviews.

Managed Service

When using the managed service, each code review runs in an isolated, temporary environment on Google Cloud Platform. The environment is destroyed as soon as the review finishes, so no code is retained on our servers.

Self-Service (GitHub Actions / GitLab Pipelines)

For self-service users (GitHub Actions, GitLab Pipelines), the review runs entirely inside your own CI/CD runners, and no code is sent to Callstack's servers. The only data that leaves your environment is the review context sent directly to the LLM provider (see Data Sent to LLM Providers below).

Data Retention & Training

  • Data Retention: Callstack PR Reviewer does not retain any code or review content once the review is complete. We do store metadata about each review and pull request, such as the branch name, pull request title, and commit hash.
  • Data Training: We do not use your code or review data to train machine learning models.

Data Sent to LLM Providers

To perform the code review, we send review context to LLM providers (e.g., OpenAI, Anthropic): the changed code, the surrounding code structure, and relevant metadata. This context is limited to what the review needs and is not retained once processing is complete.

Compliance

We adhere to industry best practices for security and comply with applicable data protection regulations, including GDPR. Third-party services we use are selected for their strong security measures.