ADO Pilot Privacy Policy
Last Updated: 2026-06-30
Effective Date: 2026-06-29
1. Introduction
Welcome to ADO Pilot ("we," "us," "our"). ADO Pilot provides AI-powered pull request review services for Azure DevOps ("Service"). We are committed to protecting your privacy and being transparent about how we handle your data.
This Privacy Policy explains:
- What data we collect and why
- How we process your source code
- Your rights and choices
- How we protect your information
Company Information:
- Legal Name: Glenn Technology LLC
- Address: 9039 Cross Park Dr, Ste 30268, Knoxville, Tennessee 37923, United States
- Privacy Contact: privacy@adopilot.dev
- Data Protection Officer: dpo@adopilot.dev
By using ADO Pilot, you agree to this Privacy Policy. If you don't agree, please don't use our Service.
Our Role Under Data Protection Law
Under GDPR and similar data protection laws, our role depends on the type of data:
- Account, billing, and usage data: We act as the data controller. We decide why and how this data (your account details, subscription and billing records, and aggregate usage metrics) is processed.
- Personal data in your source code and pull requests: We act as a data processor on your behalf. You (or your organization) are the data controller, and we process this data only to provide the review Service under your instructions.
For the personal data we process as your processor, our obligations are governed by a Data Processing Addendum (DPA), available on request from dpo@adopilot.dev.
2. What Data We Collect
We collect only the data necessary to provide and improve our Service.
2.1 Azure DevOps User Information
When you install and use ADO Pilot, we collect:
- User Identity Data:
  - Email address
  - Display name
  - Azure DevOps user ID
  - Organization/project identifiers
- Azure DevOps Metadata:
  - Repository names and URLs
  - Pull request metadata (PR number, title, author, creation date)
  - Branch names
  - Commit SHAs
Why we collect this: To authenticate users, associate reviews with the correct pull requests, and deliver review comments back to Azure DevOps.
Legal basis (GDPR): Performance of contract (we need this to provide the Service you've subscribed to).
2.2 Source Code
What we process:
- Pull request diffs (changed files and line-by-line differences)
- File contents relevant to the pull request
- Commit messages and SHAs
Code Retention: Your source code is not retained on our systems after a review. Our AI provider (Anthropic) retains API inputs for a limited period — up to approximately 30 days — to operate the service and does not use them for training (see Section 4). Customers interested in a zero-data-retention agreement should reach out to sales@adopilot.dev.
No training: We will not use your source code to train AI models.
Legal basis (GDPR): Performance of contract (processing code is essential to providing AI PR reviews).
2.3 Usage Data and Analytics
We collect aggregated usage data to improve the Service:
- Service Usage:
  - Number of reviews performed
  - Review duration and performance metrics
  - Feature usage statistics
  - Error logs and diagnostic information
- Technical Data:
  - Browser type and version
  - Operating system
  - IP address (for security and analytics)
  - Time zone and language preferences
What we DON'T collect: We don't sell your personal information, run third-party advertising or retargeting pixels, track you across other websites, or build advertising/behavioral profiles. Our product analytics use a privacy-protective Google Analytics 4 configuration with advertising features off (see Section 10).
Legal basis (GDPR): Legitimate interest (improving service quality and security).
2.4 Billing and Payment Information
If you subscribe to a paid plan:
- Billing Data:
  - Subscription tier and status
  - Usage-based billing metrics
  - Invoice history
- Payment Information:
  - For Azure Marketplace purchases: Microsoft handles payment processing. We only receive confirmation of your subscription status.
  - For direct billing: Payment processing is handled by third-party payment processors. We never store credit card numbers directly.
Legal basis (GDPR): Performance of contract and legal obligation (tax and accounting compliance).
2.5 Communications Data
If you contact us or opt in to marketing:
- Public support form submissions — if you submit a request at adopilot.dev/support (no account required), we collect your name, email address, subject, category, and the description you provide. We also collect your IP address and browser user-agent to operate the Cloudflare Turnstile bot-detection widget that protects the form. This data is used solely to respond to your inquiry.
- Email correspondence with support
- Feedback and survey responses
- Marketing communication preferences
Legal basis (GDPR): Legitimate interest (for support communications, including the public form) and consent (for marketing).
3. How We Use Your Data
We use your data only for the following purposes:
3.1 To Provide the Service
- Authenticate users and organizations
- Fetch pull request data from Azure DevOps
- Perform AI-powered code reviews
- Post review comments and status checks back to Azure DevOps
- Manage subscriptions and billing
3.2 To Improve the Service
- Analyze aggregate usage patterns to identify bugs and performance issues
- Develop new features based on how customers use the Service
- Create anonymized benchmarks (e.g., "average review time across all customers")
Note: We never share customer-specific data or use individual customer data for marketing. All research and benchmarking uses anonymized, aggregate data only.
3.3 To Communicate With You
- Send transactional emails (review completed, errors, subscription changes, and account-security notices such as email-change alerts, sign-in links, and two-factor-authentication changes)
- Provide customer support
- Send product updates and feature announcements (you can opt out)
- Respond to legal requests or enforce our Terms of Service
3.4 For Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations (tax laws, data breach notifications, court orders)
- Enforce our Terms of Service
We will NEVER:
- Sell your data to third parties
- Use your source code to train AI models
- Share your code with anyone except our AI provider for the sole purpose of performing reviews
- Use your data for advertising or behavioral tracking
4. How We Handle Your Source Code
Your source code is your most sensitive asset. Here's exactly how we handle it:
4.1 How We Handle Source Code
We do not retain your raw source code on our systems after a review. Here is the full picture, including our AI provider:
- Fetch: When a PR is created/updated in Azure DevOps, our Service receives a webhook notification and fetches the PR diff from Azure DevOps using your organization's credentials.
- Process: The code diff is sent to Anthropic's Claude API for AI-powered analysis. Anthropic retains API inputs and outputs for a limited period — up to approximately 29 days for the Message Batches API and up to approximately 30 days for the synchronous Messages API — to operate and secure the API, after which they are deleted. Anthropic does not use your code to train its models.
- Delete: Once the review is complete and posted back to Azure DevOps, the code diff is purged from our systems. We do not cache code, store it "for performance," or retain it "for troubleshooting." If we need to re-review a PR, we fetch it fresh from Azure DevOps.
Processing duration on our systems: Code exists in our systems for only the time required to perform the review (typically seconds to minutes).
Review results: The review comments, findings, and summaries we generate (which are derived from, but are not, your source code) are stored in your account so you can view your review history. They remain until you delete them or your account (see Section 7).
Zero Data Retention (Enterprise): We plan to offer a Zero Data Retention (ZDR) configuration as an Enterprise add-on, under which our AI provider would not retain your code at rest. This is not yet available; contact sales@adopilot.dev to be notified when it launches.
4.2 Security Measures for Code in Transit
While your code is being processed:
- Encryption in transit: All data is transmitted over TLS 1.2+ (HTTPS)
- Encryption at rest: If code touches disk (unlikely due to streaming), it's encrypted using Azure-managed keys
- Memory isolation: Code processing happens in isolated, ephemeral compute environments
- No logging: Source code is never written to application logs
4.3 No AI Model Training
We do not, and will not, use your private source code to train AI models. This applies to:
- Our own potential future models
- Anthropic's models (Anthropic has contractual commitments to not train on customer data)
- Any third-party AI providers we may use
Note: If you make a repository public, Anthropic or other AI providers may include public code in their general training datasets (like GitHub Copilot does). This Privacy Policy applies only to private code processed through ADO Pilot.
5. Third-Party Service Providers (Subprocessors)
We share data with the following third-party service providers who help us deliver the Service:
5.1 Anthropic, PBC (AI Provider)
What they do: Provide the AI models (Claude) that power our code reviews.
What data we share: Pull request diffs and file contents necessary for code review.
Data retention by Anthropic:
- Limited retention: Anthropic retains API inputs and outputs for a limited period — up to approximately 29 days for the Message Batches API and up to approximately 30 days for the synchronous Messages API — to operate and secure the API, after which they are deleted. See Anthropic's Commercial Terms.
- No training: Anthropic does not use your data to train their AI models.
- Zero Data Retention: We plan to offer a Zero Data Retention (ZDR) configuration as an Enterprise add-on, under which Anthropic would not retain inputs at rest. This is not yet available; contact sales@adopilot.dev to be notified when it launches.
Data location: Anthropic processes data in the United States. For EU customers, data transfer is protected by Standard Contractual Clauses (SCCs) as required by GDPR.
5.2 Microsoft Azure (Infrastructure Provider)
What they do: Provide cloud infrastructure (compute, storage, networking) for ADO Pilot.
What data they process:
- All data described in this Privacy Policy is hosted on Microsoft Azure
- Azure provides infrastructure security, encryption, and compliance certifications
Data location: United States (may expand to other regions in the future).
Security: Azure provides SOC 2 Type II, ISO 27001, and other security certifications. See Azure Trust Center.
5.3 Microsoft Azure DevOps
What they do: Provide the Azure DevOps platform where your code is hosted.
Data flow: We fetch code from Azure DevOps using your organization's authorized credentials and post review comments back to Azure DevOps. We do not send your code to Microsoft (it's already there).
5.4 Payment Processors (if applicable)
If we offer direct billing (separate from Azure Marketplace):
- Payment processor: Stripe, Inc.
- What they process: Payment information (credit card, billing address)
- Data retention: Governed by the payment processor's privacy policy
Note: We never store credit card numbers directly.
5.5 Other Service Providers
We currently use the following additional service providers:
- Transactional email: Twilio Inc. (SendGrid) — delivers account and notification emails (recipient email address and message content).
- Service telemetry: Microsoft Azure Application Insights — server-side operational telemetry.
- Product analytics: Google LLC (Google Analytics 4) — first-party usage analytics on our websites (a pseudonymous client identifier and page/event data). Configured with advertising features and Google Signals off; no personal information (such as name or email) is sent to Google. In the EEA, the UK, and Switzerland we set analytics cookies only with your prior consent (opt-in); elsewhere you can opt out at any time. Use "Your Privacy Choices" (Section 10) or a Global Privacy Control signal.
- Customer support ticketing: Atlassian, Inc. (Jira Service Management) — routes and stores support ticket content (requester name, email address, subject, and description) for support-request tracking and response. Atlassian does not receive your source code or pull-request data. (The request category you select is retained only in our own records, not sent to Atlassian.)
- Bot and abuse protection: Cloudflare, Inc. (Turnstile) — performs a bot-detection check on requests submitted via the public support form at adopilot.dev/support, using your IP address and browser characteristics. Cloudflare does not receive your account data or source code.
We will update this list if we add further providers. Subprocessor list: A complete and current list of subprocessors is available on request from dpo@adopilot.dev. We will notify customers 30 days before adding new subprocessors that process customer code. The Atlassian and Cloudflare entries above process support-requester contact data only — not customer source code — so the customer-code notification commitment does not apply to them.
6. Data Storage and Security
6.1 Where We Store Data
Primary data location: United States (Microsoft Azure US regions)
Source code: Not retained on our systems after a review (see Section 4)
Other data (accounts, billing, analytics): Stored in Azure US regions with encryption at rest.
Future expansion: We may offer data residency options (EU, Asia-Pacific) in the future. If you have specific data residency requirements, contact us at privacy@adopilot.dev.
6.2 Security Measures
We implement appropriate technical and organizational security measures to protect your data:
Technical measures:
- Encryption at rest: All data encrypted using AES-256 via Azure Storage Service Encryption
- Encryption in transit: TLS 1.2+ for all network communication
- Access control: Role-based access control (RBAC) and Azure AD managed identities
- Secret management: All credentials and API keys stored in Azure Key Vault
- Network isolation: Services run in isolated virtual networks with minimal internet exposure
Organizational measures:
- Least privilege: Employees have access only to data necessary for their role
- Security training: All team members receive security awareness training
- Incident response plan: We have procedures to detect, respond to, and recover from security incidents
We maintain a written information security program informed by recognized frameworks such as the NIST Privacy Framework.
Limitations: No security is perfect. While we take reasonable precautions, we cannot guarantee absolute security. You use the Service at your own risk.
6.3 Security Certifications
Current status (MVP): Relying on Azure's security certifications and best practices.
Penetration testing: We plan to conduct annual third-party security audits.
Enterprise customers: If you require specific certifications, contact us to discuss timing and requirements.
7. Data Retention and Deletion
7.1 Source Code
As described in Section 4, we do not retain your raw source code on our systems after a review. Our AI provider retains API inputs for a limited period (up to approximately 30 days) and does not train on them. Review comments, findings, and summaries we generate are stored in your account until you delete them or your account.
7.2 User Account Data
While your account is active: We retain your account data (email, name, organization ID, subscription info) indefinitely to provide continuous service.
After account deletion: We delete your account data from our active systems within 30 days of a deletion request, except as noted below. Residual copies may persist in encrypted backups for up to a further 30 days before they are fully erased.
7.3 Billing Records
Retention period: 7 years from the end of the fiscal year in which the transaction occurred.
Why: Required for tax compliance (IRS), accounting audits, and dispute resolution.
What's retained: Invoice data, subscription history, payment records. No source code or review content.
7.4 Usage Analytics
Aggregate data: Anonymized usage statistics (e.g., "total reviews performed this month") are retained indefinitely for business analytics.
Customer-specific data: Deleted within 30 days of account deletion.
7.5 Legal Holds
If we receive a valid legal request (court order, subpoena), we may be required to retain data beyond normal retention periods. We will notify you if legally permitted.
7.6 Review Results and History
The review comments, findings, and summaries the Service generates (which are derived from, but are not, your source code) are stored in your account so you can view your review history. They are retained until you delete them or your account, at which point they are removed on the schedule in Section 7.2. While your account is active, these review results are not subject to a fixed expiry.
8. Your Rights and Choices
Depending on your location, you may have specific rights regarding your personal data.
8.1 GDPR Rights (European Economic Area, UK, Switzerland)
If you're in the EU/EEA, UK, or Switzerland, you have the following rights:
Right to access: Request a copy of all personal data we hold about you.
Right to rectification: Correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention requirements like billing records).
Right to restriction of processing: Ask us to stop processing your data in certain circumstances.
Right to data portability: Receive your data in a machine-readable format (JSON) and transfer it to another service.
Right to object: Object to processing based on legitimate interests (e.g., marketing).
Right to withdraw consent: Withdraw consent for processing that requires it (e.g., marketing emails).
Right to lodge a complaint: File a complaint with your local data protection authority.
How to exercise rights: Email us at dpo@adopilot.dev. We will respond within 30 days (or 60 days for complex requests, with explanation).
8.2 CCPA Rights (California Residents)
If you're a California resident, you have the following rights:
Right to know: Request disclosure of what personal information we collect, use, disclose, and sell.
Right to delete: Request deletion of your personal data (subject to exceptions).
Right to correct: Request that we correct inaccurate personal information we maintain about you. We will use commercially reasonable efforts to correct it as directed, taking into account the nature of the information and the purposes of processing.
Right to opt-out of sale or sharing: We do NOT sell or share personal information, so this specific right is not applicable. Separately, we offer an analytics opt-out and honor Global Privacy Control (GPC) signals by disabling analytics cookies — see Section 10.2.
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
How to exercise rights: Email us at privacy@adopilot.dev. We will respond within 45 days.
Verification: We may ask for additional information to verify your identity before processing requests.
8.3 Rights for All Users (Regardless of Location)
Even if you're not covered by GDPR or CCPA, we offer these rights to all users:
Access your data: Request a copy of your account data and usage history.
Correct your data: Update your email, name, or other account information via the ADO Pilot settings or by contacting support.
Delete your account: You can delete your account at any time via your account settings or by contacting support. We will delete your data within 30 days (except billing records retained for 7 years).
Opt out of marketing: Unsubscribe from marketing emails via the link in any email or by contacting privacy@adopilot.dev.
Export your data: Email dpo@adopilot.dev to request an export of your account data, review history, and usage data. We will provide it in a machine-readable format (JSON). Exports are prepared by our team rather than through a self-service download.
Scope and how we handle requests: ADO Pilot is a business-to-business service. Account deletion removes your organization's data from our active systems (see Section 7). For a request about a specific individual's personal data within an organization, we act on the organization's behalf as a data processor — email dpo@adopilot.dev and we will action it. Data-subject requests are handled by our team rather than through a self-service interface.
9. International Data Transfers
ADO Pilot is based in the United States, and your data is primarily stored in US data centers (Microsoft Azure).
9.1 Transfers Outside Your Country
If you're located outside the United States, your data will be transferred to and processed in the United States.
For EU/EEA users:
- Legal mechanism: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States.
- Anthropic data transfers: When we send your code to Anthropic (US-based), this transfer is also protected by SCCs included in our agreement with Anthropic.
- Adequacy: While the EU-US Data Privacy Framework is in place, we use SCCs as an additional safeguard.
For UK users:
- Legal mechanism: UK International Data Transfer Agreement (IDTA) or SCCs approved by the UK Information Commissioner's Office (ICO).
For other regions: We use appropriate safeguards consistent with local data protection laws.
9.2 Your Consent
By using ADO Pilot, you consent to the transfer of your data to the United States and processing as described in this Privacy Policy.
If you do not consent, please do not use the Service. In the future, we may offer data residency options (EU hosting, for example) to address this concern.
10. Cookies and Tracking Technologies
10.1 What We Use
Strictly necessary cookies: We use a session cookie to authenticate users and maintain login state. This is required for the Service to function.
Analytics: We use Google Analytics 4 (GA4) to understand how our public websites are used (for example, which pages and features are visited) so we can improve them. GA4 sets first-party analytics cookies (such as _ga and _ga_*) in your browser and assigns a pseudonymous identifier. We also collect server-side operational telemetry via Azure Application Insights. Our GA4 configuration is privacy-protective: advertising features and Google Signals are turned off, IP addresses are not stored by GA4, and we never send personal information (such as your name or email) to Google. Analytics is region-aware (see Section 10.2): in the European Economic Area (EEA), the United Kingdom, and Switzerland it is off by default and runs only if you opt in; elsewhere (including the United States) it is on by default and you can opt out at any time. We honor Global Privacy Control in every region.
What we DON'T use:
- No third-party advertising cookies
- No cross-site tracking
- No behavioral profiling for marketing
10.2 Your Choices
Cookie management: You can block cookies in your browser settings. Note that blocking strictly necessary cookies will prevent you from using the Service.
Your analytics choice ("Your Privacy Choices"): Whether analytics starts on or off depends on your region. In the EEA, the UK, and Switzerland, analytics cookies are off until you opt in — no _ga cookie is set beforehand. Everywhere else (including the United States), analytics is on by default and you can opt out. Either way, use the "Your Privacy Choices" control — in the footer of our marketing site, and in the corner of the onboarding app — to change your choice. It opens a preference center where you can enable or disable analytics cookies; your choice is remembered on your browser and applies across our adopilot.dev sites.
Global Privacy Control (GPC): We honor the Global Privacy Control signal. If your browser or extension sends a GPC signal, we automatically disable analytics cookies for that browser — you don't need to do anything else.
No sale or sharing: We do not sell or share your personal information (as those terms are defined under U.S. state privacy laws). We use Google Analytics only as a service provider/processor for our own first-party analytics, configured with advertising features off.
Do Not Track: Browsers vary in how they send Do Not Track (DNT), and there is no industry-standard response, so we do not rely on DNT. Instead, we honor the Global Privacy Control (GPC) signal and provide the "Your Privacy Choices" control to disable analytics cookies (see Section 10.2).
11. Data Breach Notification
11.1 Our Commitment
We take data security seriously. In the event of a data breach that affects your personal data, we will respond as follows. Our specific notification obligations depend on our role for the affected data (see "Our Role Under Data Protection Law" above):
Investigation:
- Internal detection: Upon becoming aware of a suspected breach, we will promptly investigate and work to confirm the nature and scope of the incident without undue delay.
Notification:
- Where we are the data controller (account and billing data): Where the breach affects data for which we are the controller, and notification is required, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by GDPR Article 33(1). We will notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.
- Where we are a data processor (source code and pull request data): Where the breach affects personal data that we process on a customer's behalf, we will notify the affected customer (the controller) without undue delay after becoming aware of it, so that the customer can meet its own notification obligations. As your processor we do not notify supervisory authorities or your users directly on your behalf unless agreed in our Data Processing Addendum.
- Customer notification (general): We will notify affected customers without undue delay after becoming aware of a confirmed breach affecting their data.
What we'll tell you:
- Nature of the breach (what data was affected)
- Likely consequences
- Measures we've taken to address the breach
- Recommended actions for you to take (e.g., change passwords)
11.2 Legal Compliance
We comply with the data breach notification laws applicable to our Service, including:
- Tennessee: Tennessee's data breach notification statute (Tenn. Code Ann. § 47-18-2107), part of the Tennessee Identity Theft Deterrence Act within the Tennessee Consumer Protection Act. We notify affected Tennessee residents no later than 45 days after discovery of a breach (subject to legitimate law-enforcement delay). Notification is not triggered by the unauthorized acquisition of encrypted information unless the encryption key or process is also acquired.
- GDPR: 72-hour notification to supervisory authority and affected individuals
- CCPA: Notice to California Attorney General if 500+ CA residents affected
- Other applicable laws: We also comply with all other data breach notification laws that apply to us, including other U.S. state laws.
11.3 Your Responsibility
If you suspect unauthorized access to your account, immediately:
- Change your Azure DevOps credentials
- Revoke ADO Pilot's access in Azure DevOps settings
- Contact us at security@adopilot.dev
12. Children's Privacy
ADO Pilot is a B2B service not directed at minors. You must be at least 16 years old to use the Service (see Terms of Service, Section 3.2). We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, contact privacy@adopilot.dev and we will delete it.
13. Changes to This Privacy Policy
13.1 How We Update
We may update this Privacy Policy from time to time to reflect:
- Changes to the Service or features
- New legal requirements
- Feedback from customers
- Changes in our data practices
Current version: This policy is version 1.2, last updated 2026-06-13.
13.2 Notice of Changes
Material changes: If we make material changes that significantly affect your rights or how we use data, we will:
- Email you at your registered email address at least 30 days before the changes take effect
- Display a prominent notice in the ADO Pilot web app
- Update the "Last Updated" date at the top of this policy
Non-material changes: For minor updates (typos, clarifications, adding examples), we will update the policy without advance notice.
13.3 Your Acceptance
By continuing to use ADO Pilot after changes take effect, you accept the updated Privacy Policy. If you don't agree with the changes, you must stop using the Service and delete your account.
Version history: We maintain a version history of this Privacy Policy; prior versions are available on request.
14. Contact Us
14.1 Privacy Questions
For questions, concerns, or requests related to this Privacy Policy:
Email: privacy@adopilot.dev
Data Protection Officer: dpo@adopilot.dev
Mail: Glenn Technology LLC, 9039 Cross Park Dr, Ste 30268, Knoxville, Tennessee 37923, United States
14.2 GDPR Representative (EU)
If we process significant amounts of EU data in the future, we may appoint an EU representative as required by GDPR Article 27. Contact details will be provided here.
14.3 Response Time
We aim to respond to all privacy inquiries within:
- GDPR requests: 30 days (or 60 days for complex requests)
- CCPA requests: 45 days
15. Legal and Compliance
15.1 Governing Law
This Privacy Policy is governed by the laws of the State of Tennessee and the United States, without regard to conflict of law principles.
Jurisdiction: Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in Tennessee.
15.2 Compliance
We design our practices to align with applicable data protection laws, including:
- Tennessee state data protection laws
- FTC Act (unfair and deceptive practices)
- GDPR (for EU users, where it applies)
- CCPA (for California residents, where applicable)
We hold no third-party certifications at this time and rely on Microsoft Azure's certifications for the underlying infrastructure (see Section 5.2).
15.3 Regulatory Authorities
For EU users: You have the right to lodge a complaint with your local data protection authority. Find your authority at https://edpb.europa.eu/about-edpb/board/members_en.
For California users: California Privacy Protection Agency (CPPA) - https://cppa.ca.gov/
For Tennessee users: Tennessee does not have a dedicated data protection authority. Contact us directly or file a complaint with the Tennessee Attorney General's Office.
Appendix: Data Processing Summary (GDPR Article 30)
For EU customers, here's a summary of our data processing activities:
| Data Category | Purpose | Legal Basis | Retention | Recipient(s) |
| --- | --- | --- | --- | --- |
| Azure DevOps user info (email, name, org ID) | Authentication, service delivery | Performance of contract | Active account: indefinite; Deleted: within 30 days | Microsoft Azure |
| Source code (PR diffs) | AI code review | Performance of contract | Not retained on our systems; Anthropic retains up to ~30 days | Anthropic only |
| Review results (comments, findings, summaries) | Provide review history | Performance of contract | Until you delete them or your account | Microsoft Azure |
| Usage analytics | Service improvement, billing | Legitimate interest | Aggregate: indefinite; Customer-specific: within 30 days post-deletion | Microsoft Azure |
| Technical/security data (IP address, browser) | Security monitoring, fraud/abuse prevention | Legitimate interest | Within 30 days post-deletion | Microsoft Azure |
| Billing records | Payment processing, tax compliance | Legal obligation | 7 years | Stripe, Inc. |
| Communications | Support, marketing | Consent (marketing), Legitimate interest (support) | Until opt-out or account deletion | Twilio (SendGrid) |
End of Privacy Policy