Refacto Privacy Policy

Refacto is an AI-powered code review platform operated by DevDynamics, Inc. (“Refacto”, “we”, “our”, or “us”). This Privacy Policy explains how we collect, use, and protect information when you use the Refacto service (the “Service”).

1. Information We Collect

We collect several types of information when you use the Service.

Account Information

When you create an account, we may collect:
- name
- email address
- organization name
- login credentials
- billing information (if applicable)

Repository and Development Data

To provide automated code review, the Service may access development data from connected repositories. This may include:
- source code submitted for analysis
- pull requests and code diffs
- commit history
- repository metadata
- project structure and dependencies
- generated code review results
This data is processed only to provide features of the Service.

Code-Derived Context Data

If certain advanced features are enabled, the Service may generate structured representations derived from source code (“Code-Derived Context Data”). Examples may include contextual or structural representations that help the Service understand relationships within a codebase. These representations are designed so they cannot reconstruct the original source code. Storage of Code-Derived Context Data is an optional feature and may be disabled through account settings.

Usage Data

We collect information about how the Service is used, including:
- feature usage
- system logs
- error reports
- performance metrics
This information helps us operate and improve the Service.

2. How We Use Information

We use collected information to:
- provide and operate the Service
- generate automated code review feedback
- maintain system reliability and security
- improve product features and performance
- respond to customer support requests
- comply with legal obligations

3. AI Model Training

Refacto does not use customer source code to train publicly available or third-party general-purpose AI models without explicit customer consent. Data derived from usage of the Service may be used in anonymized and aggregated form to improve the functionality and performance of the platform.

4. Data Sharing

We do not sell customer data. We may share information with trusted service providers who help operate the Service, including:
- cloud infrastructure providers
- AI model providers
- analytics providers
- payment processors
These providers are authorized to process data only as necessary to provide services to Refacto and are bound by confidentiality and security obligations.

5. Security

We implement commercially reasonable technical and organizational measures designed to protect customer data. These measures include:
- encryption of data in transit
- access controls
- infrastructure monitoring
- logging and security auditing
However, no internet-based system can guarantee absolute security.

6. Sensitive Information in Code

The Service analyzes code submitted through repository integrations. Users should avoid including sensitive credentials such as:
- passwords
- private keys
- authentication tokens
- secrets
unless necessary for normal development workflows.

7. Data Retention

We retain information only as long as necessary to operate the Service and meet legal obligations. This may include:
- repository metadata
- generated review results
- Code-Derived Context Data
If repositories are disconnected or relevant features are disabled, associated derived data will be deleted or permanently de-identified within a commercially reasonable period, subject to standard backup retention policies.

8. International Data Transfers

Refacto operates globally and may process data in the United States or other jurisdictions where our infrastructure providers operate. When transferring personal data internationally, we implement appropriate safeguards where required by applicable law.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including:
- access to your data
- correction of inaccurate data
- deletion of personal data
- data portability
- withdrawal of consent
Requests can be submitted to [email protected].

10. Third-Party Services

The Service may integrate with third-party platforms such as version control systems. Your use of those services is governed by their own privacy policies and terms. Refacto is not responsible for third-party services.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users through one of these channels:
- email
- product notifications
- updates on our website
The updated policy will include a new “Last Updated” date.

12. Contact

For privacy-related inquiries, please contact:
Refacto Privacy Team
DevDynamics, Inc.
Email: [email protected].