Privacy Policy

Last updated: March 2026

1. What Data We Collect

When you install and use CodeHawk, we collect the following:

• GitHub organization name — to associate your subscription plan.
• GitHub installation ID — to authenticate webhook deliveries from GitHub.
• Subscription plan status — free or Pro, as reported by GitHub Marketplace.
• Pull request diffs — the code changes in each PR, sent for AI review (see Section 3).
• PR metadata — repository name, PR number, and file paths, used to post inline review comments.

We do not collect personal information such as names, email addresses, or GitHub usernames unless you contact us directly.

2. How We Use Your Data

Data collected is used solely to operate the Service:

• PR diffs and metadata are sent to the Anthropic Claude API to generate review comments.
• Org name and plan status are used to enforce free tier limits and grant Pro access.

We do not use your code or PR data for training machine learning models, advertising, or any purpose other than delivering the review.

3. Data Retention

Code diffs are not stored. They are transmitted to the Anthropic API in real time and discarded immediately after the review is generated. We retain only billing metadata (org name, plan, installation ID) for as long as you have the app installed.

When you uninstall CodeHawk, your billing metadata is retained for 90 days for audit purposes, then permanently deleted.

4. Third Parties

CodeHawk relies on the following third-party services:

• Anthropic Claude API — PR diffs are sent here for AI analysis. Anthropic's privacy policy governs their handling of API data: anthropic.com/privacy. Anthropic does not use API inputs to train their models.
• GitHub — webhooks and Marketplace billing are managed by GitHub. See GitHub's Privacy Statement.

We do not sell your data to any third party.

5. Security

All communication between CodeHawk, GitHub, and the Anthropic API occurs over HTTPS/TLS. Webhook payloads are verified using GitHub's HMAC signature. We do not log raw PR content to disk.

6. Your Rights

You can stop all data processing at any time by uninstalling the CodeHawk GitHub App. To request deletion of your billing metadata before the 90-day retention window, email us at privacy@crossgen-ai.com.

7. Changes to This Policy

We may update this policy periodically. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the Service constitutes acceptance of any changes.

8. Contact

Privacy questions or data requests: privacy@crossgen-ai.com