PulseRepo
FeaturesWho it's forHow it worksPricingFAQContact us
Sign inStart free
← Back to PulseRepo

Privacy Policy

Last updated: June 28, 2026

PulseRepo reads your repository's history to surface questions worth asking — never to score, rank, or surveil the people who write the code. This policy explains what we collect, why, and the rights you have over it under the GDPR (EU/UK) and US privacy laws such as the California Consumer Privacy Act (CCPA/CPRA).

Plain-English summary: we access your repositories read-only, we analyze the git history rather than keeping a copy of your source code, we cache only the derived signals — never your source code, we don't sell or share your personal information for advertising, and you can export or delete your data at any time.

  • 1. Who we are
  • 2. Information we collect
  • 3. How we use it
  • 4. Legal bases (GDPR)
  • 5. Repositories & model keys
  • 6. Sharing & subprocessors
  • 7. International transfers
  • 8. Retention
  • 9. Security
  • 10. Your rights (EU/UK)
  • 11. Your rights (US/California)
  • 12. Cookies
  • 13. Children
  • 14. Changes
  • 15. Contact

1. Who we are

PulseRepo ("PulseRepo", "we", "us", "our") is the website at pulse-repo.com and the associated analysis service (the "Service"), operated by the person or entity that provides it. For the purposes of the GDPR, the operator of PulseRepo is the data controller for the personal data described here. For privacy questions, to exercise any of the rights below, or to request a postal contact address for a formal data-protection request, email [email protected].

2. Information we collect

Account information

When you register, we collect your email address and an authentication credential (a hashed password, or — if you sign in with Google, GitHub, GitLab, or Microsoft — a provider token and the basic profile fields that provider returns, typically your name and email).

Repository data

With your authorization, we access selected repositories using read-only scopes. We analyze metadata and history — commits, pull/merge requests, branches, review timing, file-change statistics and semantic diffs scoped to the window you choose. We do notkeep a persistent copy of your source code; we store the derived signals produced by an analysis to power your history and trends.

To avoid recomputing identical work, some derived signals — for example a commit's classification or a full analysis report — are also kept in a shared, content-addressed cache. Cache entries are keyed by the repository state and analysis options and never contain your source code. An entry is only ever served for a repository state the requesting account is itself authorized to access (and in the same attribution mode), so this sharing never exposes anything you could not already retrieve yourself.

Repository access credentials

To clone a private repository you connect, we use the access you grant. For an installed GitHub App or a GitLab authorization we mint short-lived access tokens on demand; for GitLab we additionally keep a refresh token, stored encrypted at rest. If instead you paste a personal access token, we store it encrypted at rest, never in plaintext. You can disconnect a repository or revoke our access from your provider at any time.

Model API keys

Optional AI features can use an API key you provide ("bring your own key"). We store such keys only to operate the features you enable, and we never use them for any other purpose.

Usage & technical data

We collect logs and technical information needed to run and secure the Service — IP address, browser/device type, timestamps, pages and actions, and error diagnostics.

Payments

If and when paid plans are offered, payments are handled by a third-party payment processor. We receive billing status and limited transaction details; we do not receive or store full card numbers.

Communications

If you email us or opt into product/digest emails, we keep that correspondence and your contact preferences. Transactional email (verification, security, billing) is sent via our email provider.

3. How we use information

  • To create and secure your account and authenticate you.
  • To run analyses you request and return results, including via cached derived signals.
  • To operate optional AI features using the model keys you supply.
  • To send transactional messages and, where you've opted in, digests and product updates.
  • To maintain, debug, and improve reliability, security, and performance.
  • To process payments and prevent fraud and abuse.
  • To comply with legal obligations and enforce our Terms.

We do not use your repository content or derived signals to train machine-learning models, and we do not sell your personal information.

4. Legal bases (GDPR)

  • Contract — to provide the Service you sign up for (accounts, analyses, results).
  • Legitimate interests — to secure, debug, and improve the Service and prevent abuse, balanced against your rights.
  • Consent — for optional marketing/digest emails and any non-essential cookies; you can withdraw consent at any time.
  • Legal obligation — to meet accounting, tax, and other legal requirements.

5. Repositories & model keys

Access to your repositories is read-only — PulseRepo never writes to, opens issues in, or modifies your code. You can disconnect a repository or revoke our access from your provider's settings at any time, and you can ask us to delete the cached signals for any repository. API keys you provide can be removed at any time, which disables the features that depend on them.

6. Sharing & subprocessors

We do not sell your personal information. We share data only with:

  • Infrastructure & hosting — cloud hosting and our network/CDN and security layer (e.g. Cloudflare) to deliver and protect the Service.
  • Email provider — to send verification, security, billing, and (opt-in) digest emails.
  • Identity providers — Google, GitHub, GitLab, Microsoft, only when you choose to sign in or connect with them.
  • AI model providers — only when you enable AI features, to process the specific request using your key.
  • Payment processor — to handle subscriptions, where paid plans apply.
  • Legal & safety — when required by law, or to protect rights, safety, and the integrity of the Service.

These providers act as our processors/subprocessors under appropriate data-processing terms.

7. International data transfers

We may process data in countries other than yours, including the United States. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) together with supplementary measures where needed.

8. Retention

We keep account data for as long as your account is active. Derived signals tied to your account are retained to serve history and trends until you delete the repository or your account. Entries in the shared content-addressed cache contain only derived signals — no source code and no link to your account — and may persist after you delete a repository to serve other authorized analyses; they are only ever served to an account authorized to access the same repository state. Logs are kept for a limited period for security and debugging. After deletion we remove or anonymize data within a reasonable period, except where we must retain it to meet legal obligations.

9. Security

We use encryption in transit, encryption at rest for repository access credentials, access controls, tenant isolation of your account's data and history, and least-privilege practices. Derived-signal caches that are shared to avoid recomputation are content-addressed — keyed by repository state, never source code — and only served to an account already authorized to access that state. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you and regulators of qualifying breaches as required by law.

10. Your rights — EEA, UK & Switzerland

Subject to the GDPR, you have the right to:

  • Access a copy of your personal data;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Data portability — receive your data in a portable format;
  • Withdraw consent at any time, without affecting prior processing;
  • Lodge a complaint with your local supervisory authority.

To exercise any right, email [email protected]. We respond within the timeframes required by law (generally one month under the GDPR).

11. Your rights — United States (California & other states)

Under the CCPA/CPRA and similar US state laws (e.g. Virginia, Colorado, Connecticut, Utah), you have the right to know what personal information we collect, to access and delete it, to correct it, and to be free from discrimination for exercising these rights. In the past 12 months we collected the categories below for the business purposes described in this policy:

CategoryExamplesSold / "Shared"?
IdentifiersEmail, name, account ID, IP addressNo
Account & auth dataHashed password, OAuth profile/token, encrypted repository access credentialsNo
Internet/usage activityLogs, pages, actions, diagnosticsNo
Repository-derived dataCommit/PR metadata, derived signalsNo
Commercial informationPlan and billing statusNo

We do not sell or "share" (for cross-context behavioral advertising) your personal information, and we do not knowingly process the personal information of minors for such purposes. To exercise your rights, email [email protected]. You may use an authorized agent, and we will verify requests against your account. We will not discriminate against you for exercising any of these rights.

12. Cookies

We use strictly necessary cookies/local storage to keep you signed in and to operate the Service. We do not use third-party advertising cookies. Where required, we ask for consent before setting any non-essential cookies.

13. Children

The Service is for users 16 and older (or the minimum age in your jurisdiction) and is not directed to children. We do not knowingly collect data from children; if you believe a child has provided us data, contact us and we will delete it.

14. Changes to this policy

We may update this policy from time to time. We'll revise the "last updated" date and, for material changes, provide additional notice. Continued use after an update means you accept the revised policy.

15. Contact

Questions or requests? Email [email protected]. EU/UK users also have the right to complain to their local data protection authority.

PulseRepo

Process-health visibility for the people who care about a codebase — written as questions, never as a verdict on the people who build it.

Product

  • Features
  • How it works
  • Pricing
  • Sign in

Who it's for

  • Tech leads
  • Founders
  • Investors

Company

  • FAQ
  • Contact
  • Privacy
  • Terms
© 2026 PulseRepo. All rights reserved.Built for clarity, not surveillance.