ADO Pilot Privacy Policy

Last Updated: [DATE]

Effective Date: [DATE]


1. Introduction

Welcome to ADO Pilot ("we," "us," "our"). ADO Pilot provides AI-powered pull request review services for Azure DevOps ("Service"). We are committed to protecting your privacy and being transparent about how we handle your data.

This Privacy Policy explains:

  • What data we collect and why
  • How we process your source code
  • Your rights and choices
  • How we protect your information

Company Information:

  • Legal Name: [YOUR BUSINESS ENTITY NAME]
  • Address: [YOUR REGISTERED ADDRESS], Tennessee, United States
  • Privacy Contact: privacy@adopilot.com
  • Data Protection Officer: dpo@adopilot.com

By using ADO Pilot, you agree to this Privacy Policy. If you don't agree, please don't use our Service.


2. What Data We Collect

We collect only the data necessary to provide and improve our Service.

2.1 Azure DevOps User Information

When you install and use ADO Pilot, we collect:

  • User Identity Data:

    • Email address
    • Display name
    • Azure DevOps user ID
    • Organization/project identifiers
  • Azure DevOps Metadata:

    • Repository names and URLs
    • Pull request metadata (PR number, title, author, creation date)
    • Branch names
    • Commit SHAs

Why we collect this: To authenticate users, associate reviews with the correct pull requests, and deliver review comments back to Azure DevOps.

Legal basis (GDPR): Performance of contract (we need this to provide the Service you've subscribed to).

2.2 Source Code

What we process:

  • Pull request diffs (changed files and line-by-line differences)
  • File contents relevant to the pull request
  • Commit messages and SHAs

Code Retention: Your source code will be removed within thirty days of a review being completed. Customers interested in a zero-data retention agreement should reach out to enterprise.sales@adopilot.com.

No training: We will not use your source code to train AI models.

Legal basis (GDPR): Performance of contract (processing code is essential to providing AI PR reviews).

2.3 Usage Data and Analytics

We collect aggregated usage data to improve the Service:

  • Service Usage:

    • Number of reviews performed
    • Review duration and performance metrics
    • Feature usage statistics
    • Error logs and diagnostic information
  • Technical Data:

    • Browser type and version
    • Operating system
    • IP address (for security and analytics)
    • Time zone and language preferences

What we DON'T collect: We don't track individual browsing behavior, use invasive analytics, or create detailed user profiles beyond what's necessary for billing and service delivery.

Legal basis (GDPR): Legitimate interest (improving service quality and security).

2.4 Billing and Payment Information

If you subscribe to a paid plan:

  • Billing Data:

    • Subscription tier and status
    • Usage-based billing metrics
    • Invoice history
  • Payment Information:

    • For Azure Marketplace purchases: Microsoft handles payment processing. We only receive confirmation of your subscription status.
    • For direct billing: Payment processing is handled by third-party payment processors. We never store credit card numbers directly.

Legal basis (GDPR): Performance of contract and legal obligation (tax and accounting compliance).

2.5 Communications Data

If you contact us or opt in to marketing:

  • Email correspondence with support
  • Feedback and survey responses
  • Marketing communication preferences

Legal basis (GDPR): Consent (for marketing) and legitimate interest (for support communications).


3. How We Use Your Data

We use your data only for the following purposes:

3.1 To Provide the Service

  • Authenticate users and organizations
  • Fetch pull request data from Azure DevOps
  • Perform AI-powered code reviews
  • Post review comments and status checks back to Azure DevOps
  • Manage subscriptions and billing

3.2 To Improve the Service

  • Analyze aggregate usage patterns to identify bugs and performance issues
  • Develop new features based on how customers use the Service
  • Create anonymized benchmarks (e.g., "average review time across all customers")

Note: We never share customer-specific data or use individual customer data for marketing. All research and benchmarking uses anonymized, aggregate data only.

3.3 To Communicate With You

  • Send transactional emails (review completed, errors, subscription changes)
  • Provide customer support
  • Send product updates and feature announcements (you can opt out)
  • Respond to legal requests or enforce our Terms of Service

3.4 For Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations (tax laws, data breach notifications, court orders)
  • Enforce our Terms of Service

We will NEVER:

  • Sell your data to third parties
  • Use your source code to train AI models
  • Share your code with anyone except our AI provider for the sole purpose of performing reviews
  • Use your data for advertising or behavioral tracking

4. How We Handle Your Source Code

Your source code is your most sensitive asset. Here's exactly how we handle it:

4.1 Zero Code Retention Policy

We do not store your source code. Period.

Here's our code processing flow:

  1. Fetch: When a PR is created/updated in Azure DevOps, our Service receives a webhook notification and fetches the PR diff from Azure DevOps using your organization's credentials.

  2. Process: The code diff is sent to Anthropic's Claude API for AI-powered analysis. Anthropic processes the code in real-time and returns review comments.

  3. Delete: Once the review is complete and posted back to Azure DevOps, the code diff is immediately purged from our systems.

Processing duration: Code exists in our systems for only the time required to perform the review (typically 10-60 seconds).

No exceptions: We never cache code, store it "for performance," or retain it "for troubleshooting." If we need to re-review a PR, we fetch it fresh from Azure DevOps.

4.2 Security Measures for Code in Transit

While your code is being processed:

  • Encryption in transit: All data is transmitted over TLS 1.2+ (HTTPS)
  • Encryption at rest: If code touches disk (unlikely due to streaming), it's encrypted using Azure-managed keys
  • Memory isolation: Code processing happens in isolated, ephemeral compute environments
  • No logging: Source code is never written to application logs
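The fetch/process/delete flow in 4.1 and the "no logging" rule above can be made checkable in code. The following Python sketch is an added illustration, not ADO Pilot's own implementation: it assumes the Azure DevOps fetch, the AI analysis and the comment posting are injected callables (stand-ins here, named fetch_diff, analyze and post_comments), uses a constructed sample diff, and attaches a logging filter that rewrites any record containing diff-like text before it reaches a log sink, so that even a careless log call cannot write source code to application logs.

```python
import logging
import re
from typing import Callable, Dict, List

# Constructed sample pull request diff used as input (not real customer code).
SAMPLE_DIFF = (
    "diff --git a/app.py b/app.py\n"
    "--- a/app.py\n"
    "+++ b/app.py\n"
    "@@ -1,3 +1,4 @@\n"
    " import os\n"
    "+API_KEY = os.environ['API_KEY']\n"
    " def main():\n"
    "     pass\n"
)

# Heuristic for unified-diff content: file headers, hunk headers, or added/removed lines.
DIFF_LINE = re.compile(r"^(diff --git |--- a/|\+\+\+ b/|@@ |[+-](?![+-]))", re.MULTILINE)


class NoSourceCodeFilter(logging.Filter):
    """Defence in depth for the 'no logging' rule: a record whose message or attached
    traceback looks like diff content is rewritten before it reaches any sink."""

    def filter(self, record: logging.LogRecord) -> bool:
        text = record.getMessage()
        if record.exc_info:
            text += "\n" + logging.Formatter().formatException(record.exc_info)
        if DIFF_LINE.search(text):
            record.msg = "[redacted: record contained source code]"
            record.args = ()
            record.exc_info = None
            record.exc_text = None
        return True  # keep the sanitised record so the event itself stays visible


def review_pull_request(pr_id: int,
                        fetch_diff: Callable[[int], str],
                        analyze: Callable[[str], List[str]],
                        post_comments: Callable[[int, List[str]], None],
                        log: logging.Logger) -> int:
    """Fetch -> process -> delete. The diff exists only in this frame: it is not
    logged, not returned and not written anywhere; a re-review fetches it again."""
    diff = None
    try:
        log.info("review started for PR %d", pr_id)
        diff = fetch_diff(pr_id)            # step 1: pull the diff from Azure DevOps (stand-in)
        comments = analyze(diff)             # step 2: hand it to the AI provider (stand-in)
        post_comments(pr_id, comments)       # step 3a: deliver comments back to the PR (stand-in)
        log.info("review finished for PR %d, %d comment(s) posted", pr_id, len(comments))
        return len(comments)
    except Exception as exc:
        # Log only the failure class: str(exc) from a provider may echo the code back.
        log.error("review failed for PR %d: %s", pr_id, type(exc).__name__)
        raise
    finally:
        diff = None                          # step 3b: drop the only reference we held


def build_logger(name: str = "adopilot.review"):
    """Logger whose single handler keeps formatted lines in a list; the filter sits on
    the handler so it covers every record that would reach a sink."""
    records: List[str] = []

    class ListHandler(logging.Handler):
        def emit(self, record: logging.LogRecord) -> None:
            records.append(self.format(record))

    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(NoSourceCodeFilter())
    logger.addHandler(handler)
    return logger, records


def run_demo(provider_fails: bool = False) -> Dict[str, object]:
    """Runs the pipeline with stand-ins for Azure DevOps and the AI provider and reports
    whether any code reached the log, including from a deliberately careless log call."""
    log, records = build_logger()
    posted: List[str] = []

    def fetch_diff(pr_id: int) -> str:
        return SAMPLE_DIFF

    def analyze(diff: str) -> List[str]:
        if provider_fails:
            raise RuntimeError("provider error while analysing:\n" + diff)  # worst case: echoes code
        # Toy reviewer: flag added lines that read a secret from the environment.
        return [f"line {n}: secret read from environment at startup"
                for n, line in enumerate(diff.splitlines(), 1)
                if line.startswith("+") and not line.startswith("+++") and "environ" in line]

    def post_comments(pr_id: int, comments: List[str]) -> None:
        posted.extend(comments)

    try:
        comment_count = review_pull_request(42, fetch_diff, analyze, post_comments, log)
    except RuntimeError:
        comment_count = -1
    log.warning("debug dump of PR 42:\n%s", SAMPLE_DIFF)  # careless call; the filter must catch it
    leaked = any("API_KEY" in line or "diff --git" in line for line in records)
    return {"comments": comment_count, "posted": posted, "log": records, "leaked": leaked}


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

Running the file prints the three log lines for a successful review; the last one is the redaction marker rather than the diff. Two design points worth keeping when adapting this: the filter keeps and rewrites the record instead of dropping it, so the fact that something tried to log code remains visible to incident response, and `diff = None` only releases the reference (Python does not wipe memory), which is why the stronger guarantee in the text comes from running the review in an ephemeral environment that is discarded afterwards.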

4.3 No AI Model Training

We do not, and will not, use your private source code to train AI models. This applies to:

  • Our own potential future models
  • Anthropic's models (Anthropic has contractual commitments to not train on customer data)
  • Any third-party AI providers we may use

Note: If you make a repository public, Anthropic or other AI providers may include public code in their general training datasets (like GitHub Copilot does). This Privacy Policy applies only to private code processed through ADO Pilot.


5. Third-Party Service Providers (Subprocessors)

We share data with the following third-party service providers who help us deliver the Service:

5.1 Anthropic Inc. (AI Provider)

What they do: Provide the AI models (Claude) that power our code reviews.

What data we share: Pull request diffs and file contents necessary for code review.

Data retention by Anthropic:

  • Zero retention: Anthropic does not store or retain your code after processing. This is guaranteed by Anthropic's Commercial Terms.
  • No training: Anthropic does not use your data to train their AI models.

Data location: Anthropic processes data in the United States. For EU customers, data transfer is protected by Standard Contractual Clauses (SCCs) as required by GDPR.

Learn more:

5.2 Microsoft Azure (Infrastructure Provider)

What they do: Provide cloud infrastructure (compute, storage, networking) for ADO Pilot.

What data they process:

  • All data described in this Privacy Policy is hosted on Microsoft Azure
  • Azure provides infrastructure security, encryption, and compliance certifications

Data location: United States (may expand to other regions in the future).

Security: Azure provides SOC 2 Type II, ISO 27001, and other security certifications. See Azure Trust Center.

5.3 Microsoft Azure DevOps

What they do: Provide the Azure DevOps platform where your code is hosted.

Data flow: We fetch code from Azure DevOps using your organization's authorized credentials and post review comments back to Azure DevOps. We do not send your code to Microsoft (it's already there).

5.4 Payment Processors (if applicable)

If we offer direct billing (separate from Azure Marketplace):

  • Payment processor: [TBD - e.g., Stripe, PayPal]
  • What they process: Payment information (credit card, billing address)
  • Data retention: Governed by the payment processor's privacy policy

Note: We never store credit card numbers directly.

5.5 Other Service Providers

We may use additional service providers for:

  • Email delivery (e.g., SendGrid, Mailgun)
  • Customer support (e.g., Zendesk, Intercom)
  • Analytics (e.g., Azure Application Insights)

Subprocessor list: We will maintain a public list of all subprocessors at [URL]. We will notify customers 30 days before adding new subprocessors that process customer code.


6. Data Storage and Security

6.1 Where We Store Data

Primary data location: United States (Microsoft Azure US regions)

Source code: Not stored (zero retention policy)

Other data (accounts, billing, analytics): Stored in Azure US regions with encryption at rest.

Future expansion: We may offer data residency options (EU, Asia-Pacific) in the future. If you have specific data residency requirements, contact us at privacy@[yourdomain].com.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

Technical measures:

  • Encryption at rest: All data encrypted using AES-256 via Azure Storage Service Encryption
  • Encryption in transit: TLS 1.2+ for all network communication
  • Access control: Role-based access control (RBAC) and Azure AD managed identities
  • Secret management: All credentials and API keys stored in Azure Key Vault
  • Network isolation: Services run in isolated virtual networks with minimal internet exposure

Organizational measures:

  • Least privilege: Employees have access only to data necessary for their role
  • Security training: All team members receive security awareness training
  • Incident response plan: We have procedures to detect, respond to, and recover from security incidents

Limitations: No security is perfect. While we take reasonable precautions, we cannot guarantee absolute security. You use the Service at your own risk.

6.3 Security Certifications (Roadmap)

Current status (MVP): Relying on Azure's security certifications and best practices.

Planned certifications:

  • SOC 2 Type II: Planned within 12-18 months of commercial launch
  • ISO 27001: Planned for enterprise tier
  • Penetration testing: Annual third-party security audits

Enterprise customers: If you require specific certifications, contact us to discuss timing and requirements.


7. Data Retention and Deletion

7.1 Source Code: Zero Retention

As described in Section 4, we do not retain source code. It is deleted immediately after each review.

7.2 User Account Data

While your account is active: We retain your account data (email, name, organization ID, subscription info) indefinitely to provide continuous service.

After account deletion: We delete all account data within 30 days of deletion, except as noted below.

7.3 Billing Records

Retention period: 7 years from the end of the fiscal year in which the transaction occurred.

Why: Required for tax compliance (IRS), accounting audits, and dispute resolution.

What's retained: Invoice data, subscription history, payment records. No source code or review content.

7.4 Usage Analytics

Aggregate data: Anonymized usage statistics (e.g., "total reviews performed this month") are retained indefinitely for business analytics.

Customer-specific data: Deleted within 30 days of account deletion.

7.5 Legal Holds

If we receive a valid legal request (court order, subpoena), we may be required to retain data beyond normal retention periods. We will notify you if legally permitted.


8. Your Rights and Choices

Depending on your location, you may have specific rights regarding your personal data.

8.1 GDPR Rights (European Economic Area, UK, Switzerland)

If you're in the EU/EEA, UK, or Switzerland, you have the following rights:

Right to access: Request a copy of all personal data we hold about you.

Right to rectification: Correct inaccurate or incomplete data.

Right to erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention requirements like billing records).

Right to restriction of processing: Ask us to stop processing your data in certain circumstances.

Right to data portability: Receive your data in a machine-readable format and transfer it to another service.

Right to object: Object to processing based on legitimate interests (e.g., marketing).

Right to withdraw consent: Withdraw consent for processing that requires it (e.g., marketing emails).

Right to lodge a complaint: File a complaint with your local data protection authority.

How to exercise rights: Email us at dpo@[yourdomain].com. We will respond within 30 days (or 60 days for complex requests, with explanation).

8.2 CCPA Rights (California Residents)

If you're a California resident, you have the following rights:

Right to know: Request disclosure of what personal information we collect, use, disclose, and sell.

Right to delete: Request deletion of your personal data (subject to exceptions).

Right to opt-out of sale: We do NOT sell personal information, so this right is not applicable.

Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

How to exercise rights: Email us at privacy@[yourdomain].com. We will respond within 45 days.

Verification: We may ask for additional information to verify your identity before processing requests.

8.3 Rights for All Users (Regardless of Location)

Even if you're not covered by GDPR or CCPA, we offer these rights to all users:

Access your data: Request a copy of your account data and usage history.

Correct your data: Update your email, name, or other account information via the ADO Pilot settings or by contacting support.

Delete your account: You can delete your account at any time via [account settings or support]. We will delete your data within 30 days (except billing records retained for 7 years).

Opt out of marketing: Unsubscribe from marketing emails via the link in any email or by contacting privacy@[yourdomain].com.

Export your data: Request an export of your review history and usage data in JSON or CSV format.


9. International Data Transfers

ADO Pilot is based in the United States, and your data is primarily stored in US data centers (Microsoft Azure).

9.1 Transfers Outside Your Country

If you're located outside the United States, your data will be transferred to and processed in the United States.

For EU/EEA users:

  • Legal mechanism: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States.
  • Anthropic data transfers: When we send your code to Anthropic (US-based), this transfer is also protected by SCCs included in our agreement with Anthropic.
  • Adequacy: While the EU-US Data Privacy Framework is in place, we use SCCs as an additional safeguard.

For UK users:

  • Legal mechanism: UK International Data Transfer Agreement (IDTA) or SCCs approved by the UK Information Commissioner's Office (ICO).

For other regions: We use appropriate safeguards consistent with local data protection laws.

9.2 Your Consent

By using ADO Pilot, you consent to the transfer of your data to the United States and processing as described in this Privacy Policy.

If you do not consent, please do not use the Service. In the future, we may offer data residency options (EU hosting, for example) to address this concern.


10. Cookies and Tracking Technologies

10.1 What We Use

Strictly necessary cookies: We use session cookies to authenticate users and maintain login state. These are required for the Service to function.

Analytics cookies: We may use Azure Application Insights or similar tools to collect anonymous usage data (page views, feature usage, errors).

What we DON'T use:

  • No third-party advertising cookies
  • No cross-site tracking
  • No behavioral profiling for marketing

10.2 Your Choices

Cookie management: You can block cookies in your browser settings. Note that blocking strictly necessary cookies will prevent you from using the Service.

Do Not Track: We respect Do Not Track (DNT) browser signals and will not track users who enable DNT.


11. Data Breach Notification

11.1 Our Commitment

We take data security seriously. In the event of a data breach that affects your personal data:

Timeline:

  • Internal detection: We will investigate and confirm the breach within 24 hours of detection.
  • Customer notification: We will notify affected customers within 72 hours of confirming the breach.
  • Regulatory notification: For EU users, we will notify the relevant data protection authority within 72 hours as required by GDPR.

What we'll tell you:

  • Nature of the breach (what data was affected)
  • Likely consequences
  • Measures we've taken to address the breach
  • Recommended actions for you to take (e.g., change passwords)

11.2 Legal Compliance

We will comply with all applicable data breach notification laws, including:

  • Tennessee: Tennessee Personal and Commercial Computer Act (Tenn. Code Ann. § 47-18-2107) - requires "without unreasonable delay"
  • GDPR: 72-hour notification to supervisory authority and affected individuals
  • CCPA: Notice to California Attorney General if 500+ CA residents affected
  • Other states: We will comply with all applicable US state breach notification laws

11.3 Your Responsibility

If you suspect unauthorized access to your account, immediately:

  1. Change your Azure DevOps credentials
  2. Revoke ADO Pilot's access in Azure DevOps settings
  3. Contact us at security@[yourdomain].com

12. Children's Privacy

ADO Pilot is not intended for use by children under the age of 16.

No knowing collection: We do not knowingly collect personal information from anyone under 16.

If you're a parent: If you believe your child has provided us with personal information, contact us at privacy@[yourdomain].com and we will delete it immediately.

Age verification: Azure DevOps requires users to be 13+ (or older depending on jurisdiction). We rely on Azure DevOps for age verification.


13. Changes to This Privacy Policy

13.1 How We Update

We may update this Privacy Policy from time to time to reflect:

  • Changes to the Service or features
  • New legal requirements
  • Feedback from customers
  • Changes in our data practices

Current version: This policy is version 1.0, last updated [DATE].

13.2 Notice of Changes

Material changes: If we make material changes that significantly affect your rights or how we use data, we will:

  • Email you at your registered email address at least 30 days before the changes take effect
  • Display a prominent notice in the ADO Pilot interface
  • Update the "Last Updated" date at the top of this policy

Non-material changes: For minor updates (typos, clarifications, adding examples), we will update the policy without advance notice.

13.3 Your Acceptance

By continuing to use ADO Pilot after changes take effect, you accept the updated Privacy Policy. If you don't agree with the changes, you must stop using the Service and delete your account.

Version history: We maintain a version history of this Privacy Policy at [URL].


14. Contact Us

14.1 Privacy Questions

For questions, concerns, or requests related to this Privacy Policy:

Email: privacy@[yourdomain].com

Data Protection Officer: dpo@[yourdomain].com

Mail: [Your Business Entity Name] [Your Registered Address] [City], Tennessee [ZIP] United States

14.2 GDPR Representative (EU)

If we process significant amounts of EU data in the future, we may appoint an EU representative as required by GDPR Article 27. Contact details will be provided here.

14.3 Response Time

We aim to respond to all privacy inquiries within:

  • GDPR requests: 30 days (or 60 days for complex requests)
  • CCPA requests: 45 days
  • General inquiries: 5-7 business days

15. Legal and Compliance

15.1 Governing Law

This Privacy Policy is governed by the laws of the State of Tennessee and the United States, without regard to conflict of law principles.

Jurisdiction: Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in Tennessee.

15.2 Compliance Certifications

Current compliance:

  • Tennessee state data protection laws
  • FTC Act (unfair and deceptive practices)
  • GDPR (for EU users)
  • CCPA (for California residents, if applicable)

Future certifications:

  • SOC 2 Type II (planned)
  • ISO 27001 (planned)

15.3 Regulatory Authorities

For EU users: You have the right to lodge a complaint with your local data protection authority. Find your authority at https://edpb.europa.eu/about-edpb/board/members_en.

For California users: California Privacy Protection Agency (CPPA) - https://cppa.ca.gov/

For Tennessee users: Tennessee does not have a dedicated data protection authority. Contact us directly or file a complaint with the Tennessee Attorney General's Office.


Appendix: Data Processing Summary (GDPR Article 30)

For EU customers, here's a summary of our data processing activities:

| Data Category | Purpose | Legal Basis | Retention | Recipient(s) |
| --- | --- | --- | --- | --- |
| Azure DevOps user info (email, name, org ID) | Authentication, service delivery | Performance of contract | Active account: indefinite; Deleted: 30 days | Microsoft Azure, Anthropic |
| Source code (PR diffs) | AI code review | Performance of contract | Zero retention (immediate deletion) | Anthropic only |
| Usage analytics | Service improvement, billing | Legitimate interest | Aggregate: indefinite; Customer-specific: 30 days post-deletion | Microsoft Azure |
| Billing records | Payment processing, tax compliance | Legal obligation | 7 years | Payment processor (if applicable) |
| Communications | Support, marketing | Consent (marketing), Legitimate interest (support) | Until opt-out or account deletion | Email service provider |


End of Privacy Policy


Internal Notes (Remove Before Publishing)

TODO before launch:

  1. Replace [YOUR BUSINESS ENTITY NAME] with actual legal name
  2. Replace [YOUR REGISTERED ADDRESS] with actual address
  3. Set up privacy@[yourdomain].com and dpo@[yourdomain].com email addresses
  4. Replace [DATE] with actual last updated and effective dates
  5. Create subprocessor list page and replace [URL] references
  6. Create version history page for privacy policy changes
  7. Set up security@[yourdomain].com for breach notifications
  8. Decide on payment processor (Stripe, PayPal, etc.) and update Section 5.4
  9. Review and confirm all Azure region information
  10. Get legal review from attorney (recommended but not required for MVP)

Optional enhancements:

  • Add FAQ section for common privacy questions
  • Create visual diagram of data flow (especially useful for enterprise customers)
  • Translate into other languages for international customers
  • Create summary "Privacy at a Glance" page for quick reference