Effective date: April 29, 2026
CodeSight is a GitHub App that reviews Python pull requests. This policy explains what data we collect, how we use it, and what we don't do with it.
When a pull request is opened or updated in a repository where CodeSight is installed, we receive the diff of that PR — the lines of code that changed. We do not access your full codebase, commit history, issues, or any other repository content beyond the diff of the specific PR being reviewed.
PR diffs are sent to OpenAI's API to generate review comments. Diffs are processed in-flight and never stored permanently. We retain no copy of your source code after the review is complete.
CodeSight requests the minimum permissions required to do its job:
We do not request access to issues, projects, wikis, secrets, actions, or any other GitHub resource.
If you provide your email address during setup (at /setup), it is stored in our database. We use it to send product updates, onboarding information, and occasional announcements about CodeSight.
We do not sell, rent, or share your email address with third parties. You can request deletion at any time by emailing codesight@polsia.app.
CodeSight uses the following third-party services to operate:
We do not sell data to any third party.
Installation records (GitHub installation ID, repository info, setup email) are retained as long as CodeSight is installed in your organization. If you uninstall the GitHub App, you can request full deletion of your data by contacting us.
PR diff content is never persisted — it is discarded after each review.
CodeSight uses HTTPS for all communications. Database connections are encrypted. We follow standard security practices for API key management and access control.
If we make material changes to this policy, we will update the effective date above. Continued use of CodeSight after changes constitutes acceptance of the updated policy.
Questions, data deletion requests, or anything else privacy-related: codesight@polsia.app