CodePulseBack to Home

Privacy Policy

We believe in transparency. Here's exactly what data we collect, how we use it, and your rights regarding your information.

Information We Collect

When you connect CodePulse to your GitHub account, we collect and process the following information to provide our engineering analytics service.

What We Collect

  • GitHub user profile (username, display name, avatar URL, email)
  • Organization and repository names and metadata
  • Pull request metadata (titles, authors, timestamps, review status, merge status)
  • Commit metadata (SHA, author, timestamp, additions/deletions count)
  • Code review activity (reviewer, timestamp, approval status)
  • CI/CD status check results (pass/fail status only)

What We Never Collect

  • Source code contents - we never read your actual code
  • Issue descriptions, comments, or discussion content
  • Private messages or team discussions
  • Secrets, API keys, or environment variables
  • CI/CD logs or deployment configurations
  • Personal data beyond your GitHub profile

How We Use Your Information

We use your information solely to provide and improve the CodePulse engineering analytics service:

Analytics & Metrics: - Calculate DORA metrics (deployment frequency, lead time, change failure rate, MTTR) - Generate cycle time analysis and team velocity metrics - Identify knowledge silos and collaboration patterns - Create developer leaderboards and recognition systems

Service Operation: - Authenticate your identity via GitHub OAuth - Display dashboards and reports in the CodePulse interface - Send service-related notifications (sync status, alerts you configure)

Service Improvement: - Aggregate anonymized usage patterns to improve the product - Debug and fix technical issues

We do NOT: - Sell your data to third parties - Use your data for advertising - Share individual developer metrics outside your organization - Train AI models on your code or data

Data Storage & Security

Your data security is our top priority. Here's how we protect your information:

Encryption: - Data at rest: AES-256 encryption - GitHub tokens: Encrypted separately using Fernet encryption - Data in transit: TLS 1.3 for all connections - Database connections: Encrypted and authenticated

Multi-Tenant Isolation: - Each organization's data is completely isolated at the database level - Organization-specific filtering on every database query - No cross-organization data access possible

Infrastructure: - Hosted on SOC 2 compliant cloud infrastructure - Regular automated backups with encryption - Network isolation between components - No direct database access - all queries through authenticated APIs

Retention: - Active data retained while your account is active - Deleted data permanently removed within 30 days - Backup data purged according to backup rotation schedule

Data Sharing

We do NOT sell your data. Ever. Our business model is software subscriptions, not data brokering.

We do NOT share your data with third parties for marketing, advertising, or any commercial purposes.

Limited third-party services we use: - Cloud hosting provider (infrastructure only) - Error monitoring service (anonymized error reports only) - Google Analytics (anonymized usage analytics to understand user behavior) - Microsoft Clarity (session recording and analytics to improve user experience)

All third-party providers are vetted for security compliance and bound by data processing agreements that prohibit them from using your data for any purpose other than providing their service to us.

Legal Disclosure: We may disclose your information if required by law, court order, or government request. We will notify you of such requests unless legally prohibited from doing so.

Your Rights

You maintain full control over your data at all times:

Access: You can view all data we have about your organization through the CodePulse dashboard.

Export: Download all your organization's data as CSV files at any time. Every metric, every data point - it's yours.

Delete: Request deletion of all your organization's data from Settings. Once deleted, data is permanently removed from our systems within 30 days.

Revoke Access: You can revoke CodePulse's GitHub access at any time: 1. Go to GitHub → Settings → Applications → Authorized OAuth Apps 2. Find CodePulse and click "Revoke" 3. We immediately lose access to your repositories

Modify Scope: Add or remove repositories from analysis at any time. We only sync data from repositories you explicitly choose.

GDPR Rights (for EU users): - Right to access: Export all your data anytime - Right to rectification: Contact us to correct inaccurate data - Right to erasure: Delete all data with one click - Right to data portability: CSV export of all metrics - Right to object: Contact us to opt out of specific processing

Cookies & Tracking

Authentication Tokens: We use JWT (JSON Web Tokens) stored in your browser's localStorage to maintain your authenticated session. These tokens expire after 30 minutes of inactivity.

Local Storage: We store your preferences (selected organization, dashboard settings) in localStorage for convenience.

Analytics & Session Recording: We use analytics tools to understand how users interact with our product and improve the experience:

Google Analytics: - Page views and navigation patterns - User demographics and interests (aggregated, anonymized) - Device and browser information - Traffic sources and referrals

Microsoft Clarity: - Mouse movements, clicks, and scrolls - Page navigation and interactions - Technical information (browser type, screen size, device type) - Session replays to help us debug issues and improve user experience

These tools do NOT record: - Keystrokes or form inputs (except non-sensitive fields we explicitly track) - Payment information - Personal conversations or messages - Any data from pages you visit outside CodePulse

You can learn more about their privacy practices: - Google Analytics: https://policies.google.com/privacy - Microsoft Clarity: https://clarity.microsoft.com/privacy

What We Don't Use: - Advertising or remarketing cookies - Social media tracking pixels - Third-party analytics for ad targeting

Essential Cookies Only: The only cookies we set are strictly necessary for the service to function (authentication state). Analytics are collected via first-party scripts only.

Children's Privacy

CodePulse is a professional engineering analytics tool intended for use by software development teams and organizations.

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@codepulsehq.com and we will promptly delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

How we notify you: - Material changes: Email notification to account administrators - Minor changes: Updated "Last modified" date on this page - All changes: Posted to this page with revision history

Your continued use of CodePulse after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

Last modified: December 2025

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@codepulsehq.com

For security concerns: security@codepulsehq.com

We aim to respond to all privacy inquiries within 5 business days.

Related Pages

Security & Data ProtectionTerms of Service