PullMaster

Privacy Policy

Last updated: February 7, 2026

1. What Information We Collect

PullMaster collects the following types of information to provide reviewer recommendations:

GitHub Account Information

When you install the PullMaster GitHub App, we receive your GitHub username, avatar, and organization membership information through GitHub's OAuth authentication system.

Repository Metadata

We access metadata about your repositories, including file paths, commit history, pull request information, code review history, and file change statistics. This information is used to calculate reviewer expertise and familiarity with specific files and code areas.

Pull Request Diffs

When analyzing a pull request, we temporarily process the diff (changes) to understand what code was modified. These diffs are processed transiently for analysis purposes and are not stored in their raw form.

Derived Data

We generate and store derived data including:

  • Vector embeddings for semantic code matching
  • Reviewer expertise scores and rankings
  • File touch statistics (who worked on which files and when)
  • Author-reviewer affinity metrics
  • Workload balancing data

2. What We Do NOT Collect or Store

PullMaster is designed with privacy in mind. We explicitly do NOT collect or store:

  • Raw source code: We never store your actual source code files. We only process diffs temporarily and generate embeddings.
  • Passwords or GitHub tokens: Authentication is handled entirely through GitHub's OAuth flow. We never see or store your GitHub password or access tokens.
  • Personal information beyond GitHub profile: We do not collect email addresses, phone numbers, or other personal information beyond what GitHub provides through their API.

3. How We Use Your Information

We use the collected information to:

  • Generate intelligent reviewer recommendations for pull requests
  • Calculate risk scores and reviewer expertise based on code history
  • Improve recommendation quality through machine learning
  • Balance reviewer workload across your team
  • Respect code ownership patterns (e.g., CODEOWNERS files)

We do not use your information for advertising, marketing to third parties, or any purpose other than providing the PullMaster service.

4. Third-Party Services

PullMaster uses the following third-party services to provide its functionality:

GitHub API

We use GitHub's API for authentication and to access repository information. Your use of GitHub is subject to GitHub's Privacy Statement.

OpenAI and Anthropic

We use OpenAI and Anthropic's LLM services for code understanding and explanation generation. Pull request diffs may be sent to these providers for processing, but they are not stored by these providers beyond their standard API data handling practices. Please review OpenAI's Privacy Policy and Anthropic's Privacy Policy.

VoyageAI

We use VoyageAI for generating vector embeddings that enable semantic code matching. Code diffs may be sent to VoyageAI for embedding generation but are not stored. Please review VoyageAI's Privacy Policy.

5. Data Retention

We retain your data (embeddings, scores, and derived metrics) for as long as the PullMaster GitHub App is installed on your repositories. If you uninstall the App or request deletion, we will delete your data within 30 days.

You may request deletion of your data at any time by contacting us at hello@pullmaster.ai.

6. Data Security

PullMaster is hosted on Hetzner's US cloud infrastructure. We implement industry-standard security measures including:

  • Encryption in transit using TLS
  • Strict adherence to GitHub's permission model (principle of least privilege)
  • Secure authentication through GitHub OAuth (no password storage)
  • Regular security updates and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Note: PullMaster is not currently SOC 2 compliant. We take security seriously and follow best practices, but we have not completed a formal SOC 2 audit at this time.

7. Your Rights

You have the right to:

  • Access your data: Request a copy of the data we have collected about you
  • Delete your data: Request deletion of your data at any time
  • Revoke access: Uninstall the PullMaster GitHub App from your repositories at any time to immediately stop data collection
  • Opt out: Stop using the Service by uninstalling the App

To exercise these rights, contact us at hello@pullmaster.ai.

8. Children's Privacy

PullMaster is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@pullmaster.ai.

PullMaster LLC
https://www.pullmaster.ai