How We Protect Your Data
CodeVitals analyses your team's engineering patterns — not your code. Here's exactly what we access, what we don't, and how we keep your data safe.
What we read
When you install the CodeVitals GitHub App, we request read-only access to the repositories you select. We use this to analyse:
- Commit messages and timestamps
- Pull request titles, descriptions, and review activity
- Branch names and merge events
- Contributor names and email addresses
- Repository metadata (name, language, visibility)
- Webhook events (push, PR opened/merged/closed)
This is the same metadata you see on GitHub's contributor graph and pulse page — activity patterns, not code.
What we never access
- ✕Your source code (file contents, diffs, or blobs)
- ✕Secret keys, tokens, or environment variables
- ✕Issues, wikis, or discussions
- ✕GitHub Actions workflows or logs
- ✕Personal repositories you haven't connected
- ✕Direct messages or GitHub notifications
Clone, analyse, delete
To extract commit history and PR metadata, we perform a shallow clone of each connected repository on a secured worker. The process is:
- Clone — shallow fetch of git history (no file contents needed for metadata extraction)
- Extract — read commit messages, timestamps, authors, and PR data
- Delete — the clone is wiped immediately after extraction. Nothing persists to disk.
Source code is never stored, logged, cached, or transmitted beyond the analysis worker. The worker filesystem is ephemeral.
Data isolation
Every piece of data in CodeVitals is scoped to your organisation.
- All database queries are filtered by your organisation ID — there is no way to access another organisation's data
- API endpoints and server actions verify your Clerk authentication before returning any data
- The AI chatbot derives your organisation scope from your auth session, not from user input — it cannot be tricked into accessing other accounts
- Shared comparison links use HMAC-signed URLs with tamper detection and 30-day expiry
Infrastructure
| Service | Purpose | Data |
|---|---|---|
| Vercel | Web application hosting | No data stored |
| Neon (PostgreSQL) | Database | Scores, insights, coaching — no source code |
| Railway | Analysis worker | Ephemeral clones, deleted after each run |
| Clerk | Authentication | Email, name, GitHub OAuth tokens |
| Stripe | Billing | Subscription status only — no card details stored by us |
| Anthropic (Claude) | AI summaries | Score data and metadata sent for analysis — no source code |
| PostHog | Product analytics | Anonymous page views and feature usage |
You are always in control
- Choose exactly which repositories CodeVitals can access during installation
- Disconnect any repository at any time from your dashboard settings
- Revoke the GitHub App entirely from your GitHub settings — all access stops immediately
- Request a full data export or account deletion at any time
Have a security question or need more detail?