Privacy Policy

Last updated: June 2026

ReviewDocs is a document-native review experience for Markdown in GitHub repositories. This policy explains what we store and what we don't. It is written to reflect how the product actually works.

What we do NOT store

We do not store your repository contents. Markdown documents, diffs, file trees, commits, and pull request data are fetched from GitHub on demand each time you open a page, rendered in memory, and streamed to your browser. They are not written to our database.

What we store

We persist only review metadata needed to power discussions:

• Your GitHub identity (id, login, name, avatar URL, email).
• Installations and repository identifiers for repos where ReviewDocs is installed.
• Review threads and comments you write, including short text snippets of the anchored block (so a comment can survive document edits).
• Approval state on pull requests.

Access tokens

Your GitHub OAuth token is stored only in an encrypted, HTTP-only session cookie in your browser — not in our database. The GitHub App's private key and webhook secret live in server environment variables.

Who we share data with

We call the GitHub API to read repository content and to post review comments back to your pull requests. We use a hosting provider and a managed Postgres database to run the service. We do not sell your data or use third-party advertising or analytics trackers.

Data deletion

When you uninstall the ReviewDocs GitHub App from an account, we delete that installation's repositories and all associated review threads, comments, and approvals. To request deletion of your user record, contact us.

Contact

Questions about privacy? Email support@reviewdocs.ai.