Privacy Policy

Last Updated: October 31, 2025

At Mesrai, we are an early-stage bootstrapped startup building an AI-powered Pull Request review tool. We are committed to being transparent about how we collect, use, and protect your data. As a young company, we're building our practices with privacy and security in mind from day one. This policy outlines what data we collect when you use our AI PR review service and how we handle it.

Early Stage Notice: We are currently in our early stages and do not yet have enterprise certifications like SOC2. We are a small team focused on building a great product while maintaining strong data practices. As we grow, we will pursue appropriate security certifications and continue to enhance our security measures.

Information We Collect

When you use Mesrai's AI PR Review service, we collect the following information:

  • GitHub Account Information: When you connect your GitHub account, we collect your username, email address, and repository access permissions you grant us.
  • Pull Request Data: We access and analyze pull request content including code changes, commit messages, file names, and PR descriptions to provide AI-powered reviews.
  • Code Content: We temporarily process your source code to analyze it and provide suggestions, identify potential issues, and generate review comments.
  • Usage Data: We collect information about how you use our service, including which repositories you connect, review frequency, and feature usage.
  • Website Usage: Basic analytics about your visits to our website, pages viewed, and time spent.
  • Communication Data: If you contact us via email or support channels, we keep records of that correspondence.

Important: We do not store your code permanently. Code is processed temporarily for AI analysis and then deleted. We do not use your code to train AI models or share it with third parties. Payment information is handled by Stripe and never stored on our servers.

Use of Cookies

Cookies are small files that provide information regarding the computer or device used by a visitor. We may use cookies to gather information about your system to assist us in improving our website.

This data is statistical and does not identify you personally. You can adjust the settings on your computer to decline cookies if you wish.

We utilize the following types of cookies:

  • Technical Cookies: These are necessary for the website to function correctly.
  • Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.
  • Customization Cookies: These cookies help us provide enhanced functionality and personalization.
  • Behavioral Advertising Cookies: These may be set through our site by our advertising partners to build a profile of your interests and show you relevant ads on other sites.

Use of Your Information

We use the information we collect to provide and improve our AI PR review service:

  • AI Code Analysis: We process your pull request code using AI models to identify bugs, suggest improvements, detect security vulnerabilities, and provide code quality feedback.
  • Service Delivery: To provide you with AI-powered pull request reviews, generate comments, and deliver review results to your GitHub repositories.
  • Service Improvement: To understand how users interact with our service, identify areas for improvement, and develop new features.
  • Communication: To send you important updates about our service, respond to your inquiries, and provide customer support.
  • Account Management: To manage your subscription, process payments (via Stripe), and maintain your account settings.
  • Security: To detect and prevent fraud, abuse, and security issues with our service.

We do NOT: (1) Sell your data to third parties, (2) Use your code to train AI models, (3) Share your code with anyone, or (4) Send marketing emails unless you explicitly opt in.

Data Storage & Security

As an early-stage startup, we want to be transparent about our data practices:

  • Temporary Code Processing: Your code is processed in-memory for AI analysis and is not permanently stored. Once the review is complete, the code is deleted from our systems.
  • Secure Infrastructure: We use industry-standard cloud hosting providers with encryption in transit (HTTPS/TLS) and at rest.
  • Access Controls: Only authorized team members have access to operational data, and we use strong authentication and authorization practices.
  • Third-Party AI Services: We use reputable AI service providers (like OpenAI, Anthropic) to perform code analysis. Your code is sent to these services with their respective data protection agreements.
  • Data Retention: We retain account information and usage analytics as long as your account is active. You can request deletion of your data at any time.
  • No Enterprise Certifications Yet: We do not currently have SOC2, ISO 27001, or similar certifications. As we grow and scale, we plan to pursue these certifications.

Security Commitment: While we're early stage, we take security seriously. We implement best practices including encrypted connections, secure coding practices, regular security reviews, and limiting data collection to what's necessary for our service.

Data Sharing & Third Parties

We are committed to keeping your data private. Here's when we share information:

  • AI Service Providers: We share your code temporarily with AI providers (OpenAI, Anthropic, etc.) to perform the analysis. These providers have their own data protection policies.
  • Payment Processing: Payment information is handled directly by Stripe. We never see or store your credit card details.
  • GitHub Integration: We use GitHub's API to access your repositories and post review comments. This follows GitHub's OAuth and API guidelines.
  • Analytics Services: We may use privacy-focused analytics tools (like Plausible or PostHog) to understand usage patterns. These are anonymized and aggregated.
  • Legal Requirements: We may disclose information if required by law, court order, or to protect our rights and users' safety.

What we DON'T do: We do not sell, rent, or trade your data. We do not share your code with anyone except the AI services necessary to provide reviews. We do not use your code for any purpose other than providing you with reviews.

Your Rights & Choices

You have control over your data. Here are your rights:

  • Access Your Data: You can request a copy of the personal data we have about you.
  • Delete Your Data: You can request deletion of your account and associated data at any time by contacting us.
  • Disconnect Integration: You can revoke Mesrai's access to your GitHub repositories at any time through your GitHub settings.
  • Opt-Out of Communications: You can unsubscribe from marketing emails (if any) at any time. Service-related emails cannot be opted out of while you have an active account.
  • Data Portability: You can request your data in a portable format.
  • Correct Information: You can update or correct your account information at any time.

To exercise any of these rights, please contact us at contact@mesrai.com. We will respond to your request within a reasonable timeframe.

Changes to This Policy

  • As we grow and improve our service, we may update this privacy policy. When we make changes, we will update the "Last Updated" date at the top of this page.
  • For significant changes, we will notify you via email (if you have an account) or through a notice on our website.
  • We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

  • Email: contact@mesrai.com
  • We're a small team, but we take privacy seriously and will respond to your inquiries as quickly as possible.

By using Mesrai, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our service.