Privacy Policy for Our Customers

We understand the importance of protecting intellectual property (IP) as a trusted partner to our customers. With access to your version control and project management environments, we prioritize robust security measures and transparent data practices.

 

1. Robust Security Practices
   
   Our commitment to IP security starts with implementing strong access controls, encryption standards, and secure storage practices. Here’s how we protect your intellectual property:

   • Access Controls: Our servers and databases are rigorously password-protected and stored in physically secure locations accessible only to authorized personnel. This minimizes the risk of unauthorized access, whether physical or remote.

   • Encrypted Network Communications: Data transfers between our servers, third-party AI providers, version control, and project management systems are secured using SSL/TLS encryption, preventing unauthorized data interception. Additionally, communications within our internal systems (analytics software, databases, and web applications) are encrypted, adding a further layer of IP security during internal data exchanges.
      

2. Data Retention and Storage Transparency
   
   To deliver reliable insights, we retain certain historical data, such as the state of repositories, full commit histories, and file versions. This allows us to provide robust tracking of development activity, code copying, and workflow analysis. We understand that permanent data retention raises concerns, and we are committed to full transparency in our data storage practices.
   
   Specifically, we store:

   • Repository and Version Control History: We retain the state of customer repositories and version control histories, which allows us to offer detailed reporting, including historical data from deleted branches.

   • API Keys and Credentials: Access credentials for version control and project management systems are stored securely on our servers, although they are not encrypted. While access is restricted, we are also working to add further security protections.

   • LLM Inputs and Outputs: To support quality analytics, we cache and log LLM interactions, such as file diffs, commit messages, and developer summaries, which are retained securely across multiple storage locations.
     ​

3. Third-Party AI Providers Have Separate Privacy Policies
   
   When you sign up for DevTruth.ai, you'll provide your own API key from a third-party AI provider of your choice (such as OpenAI, Claude, Gemini, etc.). Our software will use the API key and AI provider you choose to generate your reports. The third-party AI provider you choose will handle all data under their own privacy policy, not ours. We also offer a self-hosted solution where you can connect your own open-source LLMs to process your data within your own environment. Contact us to learn more about this offering.
    

4. Addressing Specific Security Risks
   
   We are addressing specific IP management risks, such as API key protection and network traffic encryption. Key risk factors we are actively mitigating include:

   • Server Access Security: Servers containing sensitive data are being strengthened with enhanced protections, including evaluating encryption options and exploring secure data access methods to minimize exposure.

 

Conclusion

 

As your trusted partner, we are dedicated to protecting the intellectual property you entrust to us. Through strong security measures, transparent practices, and a commitment to continuous improvement, we ensure the safe handling of data accessed through your version control and project management environments.