Privacy Policy
Last updated: April 7, 2026
Introduction
Pullminder ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our GitHub application.
By using Pullminder, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Account Information
When you create an account or start a trial, we collect your name, work email address, company name, job title, and team size. This information is necessary to provide and personalize our services.
Repository Metadata
When you connect Pullminder to your GitHub organization, we collect repository metadata including repository names, pull request metadata (titles, authors, file paths, diff statistics), and branch information. We do not store your full source code. For risk analysis and AI-generated reviewer briefs, we process diff hunks (changed lines only, capped at ~3KB per PR) from files with detected issues. Organizations can disable AI brief generation entirely.
Usage Data
We automatically collect information about how you interact with our services, including pages visited, features used, browser type, IP address, and access timestamps. This data helps us improve our product and troubleshoot issues.
Analysis Results
We store the outputs of our verification engine, including risk scores, policy check results, reviewer briefs, and flagged issues. These results are tied to your organization and are accessible only to authorized members of your team.
How We Use Your Information
- To provide, maintain, and improve our verification services
- To generate risk scores, reviewer briefs, and policy enforcement reports
- To send alerts and notifications through your configured channels (Slack, email)
- To produce aggregate analytics and trend reporting for your dashboard
- To communicate with you about your account, trials, and service updates
- To comply with legal obligations and enforce our terms of service
Data Security
Security is foundational to Pullminder. We implement the following measures to protect your data:
AI-Assisted Analysis
Reviewer briefs are generated using Anthropic Claude. Only PR metadata and up to ~3KB of diff hunks from flagged files are sent — never full source code. Organizations can disable AI briefs in Settings.
Encryption
All data is encrypted in transit via TLS. Slack webhook URLs are encrypted at rest with AES-256-GCM and persisted in a dedicated encrypted column with key rotation support.
Security Controls
HMAC webhook validation, CSRF protection, parameterized queries, rate limiting, org-scoped access control, and structured audit logging. Hosted in the EU, GDPR-native by design.
Access Controls
Role-based access controls, audit logging, and the principle of least privilege govern all access to customer data.
Data Retention
By default, analysis metadata is retained for 90 days to support trend reporting and dashboards. You can configure custom retention windows per resource type through the Settings page in the Pullminder dashboard.
Account information is retained for the duration of your subscription and for 90 days following account closure, after which it is permanently deleted.
Third-Party Services
Pullminder integrates with third-party services to provide its functionality. These include:
- GitHub — For repository access, webhook events, and PR status checks
- Slack — For alert delivery (when configured by your organization)
- Anthropic — For AI-powered reviewer brief generation (opt-in per organization)
- Cloud Infrastructure — For hosting, compute, and encrypted storage
Each integration is governed by the respective provider's own privacy policy. We share only the minimum data required for each integration to function.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate personal data
- Deletion — Request deletion of your personal data
- Portability — Request transfer of your data in a machine-readable format
- Objection — Object to processing of your personal data for certain purposes
To exercise any of these rights, contact us at privacy@pullminder.com.
Cookies
We use essential cookies to maintain session state and preferences. We do not use third-party advertising or tracking cookies. Analytics cookies are only used in aggregate to understand site usage patterns and are never linked to individual identities.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of Pullminder after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at privacy@pullminder.com or through our contact form.