1. Introduction
SafeCommit helps engineering organizations detect hidden operational risk behind pull requests before changes reach production. This Privacy Policy explains what information we process, why we process it, and how we protect it.
2. Information we process
Depending on configuration, SafeCommit may process:
- pull request diffs, changed file paths, commit metadata, branch names, repository metadata, and review status;
- issue or ticket context from tools such as Jira or Linear when connected by the customer;
- CI/CD, deployment, rollback, ownership, incident, and service metadata used to assess operational risk;
- analysis outputs such as risk signals, recommendations, severity, audit logs, and governance decisions;
- technical logs needed to operate, secure, debug, and improve the service.
3. Customer code
SafeCommit is designed to minimize source-code processing and to focus on pull request diffs, changed paths, and operational context needed for risk analysis. SafeCommit does not train models on customer code.
4. How we use information
- to detect operational blast radius, hidden dependencies, missing validation, orchestration risk, incident correlation, and deployment timing risk;
- to generate risk assessments, status signals, recommendations, and audit records;
- to support pilots, onboarding, troubleshooting, and customer success;
- to operate, secure, monitor, and improve SafeCommit.
5. AI model usage
SafeCommit may use automated analysis and AI-assisted reasoning to evaluate operational consequences of changes. We do not intentionally use Customer Content to train foundation models. Where third-party AI infrastructure is used, we aim to send only the minimum context required for analysis.
6. Retention
We retain processed information only as long as reasonably necessary to provide the service, preserve auditability, maintain security, comply with legal obligations, and support customer-requested governance records.
7. Security
SafeCommit uses reasonable technical and organizational safeguards, including access controls, limited access to Customer Content, encryption where appropriate, audit logs, secure development practices, and monitoring. No method of transmission or storage is completely secure.
8. Data location and transfers
SafeCommit may process data in the European Union, the United States, or other jurisdictions depending on customer configuration and subprocessors. Where required, SafeCommit uses appropriate transfer mechanisms such as Standard Contractual Clauses.
9. Business customers
When SafeCommit processes personal data contained in Customer Content on behalf of a business customer, SafeCommit acts as processor and the customer acts as controller. The Data Processing Agreement governs that processing.
10. Contact
Privacy questions can be submitted through the .