This Privacy Policy describes how livecopy ("we", "us", "our", "livecopy") collects, uses, and discloses your Personal Information when you use our application livecopy ("the App"). By using the App, you agree to the collection and use of information in accordance with this policy.
At livecopy, we are deeply committed to the privacy of your data. This Privacy Policy outlines our rigorous practices and protocols designed to protect your information, emphasizing our dedication to privacy, security, and compliance with industry standards. Our objective is to maintain a secure and trustworthy environment for all our users.
Data Collection and Use
While you use our App, we may collect information related to your codebase, commits, GitHub tickets, pull requests (PRs), and PR comments. This data is essential to understanding your interaction with our App and to continually improving our services. Specifics include:
- Code Storage: The code from GitHub is fetched at runtime and is not permanently stored on our servers. Instead, we store non-readable embeddings of the codebase, ensuring data privacy.
- AI Models and Data Handling: Our AI models, powered by OpenAI and Anthropic, are used for code generation. These providers do not use this data for training and retain it for only 30 days.
- Data Ownership: You retain full ownership of all data provided to and generated by the App. We use this data solely to power our products and enhance their functionality. Your data can be securely deleted upon request or post-subscription termination.
The collected data is used for:
- Automatically generating and modifying PRs.
- Providing valuable insights to improve the App.
- Monitoring App usage and addressing technical issues.
GitHub Access and Data Storage
To enable seamless operation and integration with your development workflow, livecopy requires specific access to GitHub repositories. Here's an overview of how we handle this access:
- Read and Write Access: We have read access for gathering necessary data related to commits, pull requests (PRs), and other repository activities. Write access is utilized to facilitate the creation of pull requests, including file creation, branch creation, and commit generation.
- Data Handling: Your files are fetched at runtime, and we do not store any files permanently on our servers. We prioritize the integrity and confidentiality of your data at every step.
- Branch Protection Compliance: livecopy fully respects and complies with GitHub's branch protection rules, ensuring that your code's security and workflow integrity are maintained:
  - No Direct Pushes to Protected Branches: livecopy cannot directly push changes to your protected branches. Any modifications proposed by livecopy are submitted through the standard pull request process.
  - Adherence to Review Processes: All changes made by livecopy undergo your team's established pull request review process, upholding your project's governance, coding standards, and quality checks.
  - No Access to Modify Branch Protection Settings: livecopy does not have the capability to modify or update your branch protection settings. This ensures that your repository's security configurations remain under your team's exclusive control.
- Secure Authentication: We use GitHub's recommended authentication method, ensuring secure and controlled access to your repositories. The necessary installation ID is stored securely, and we maintain detailed logs of all actions taken, which users can request to review.
Privacy Best Practices
Our dedication to securing customer data is evident in our adoption of industry-leading security practices:
- Secrets Management: Google Cloud Secret Manager is employed for robust secrets management.
- Network Segmentation: Separating web servers and databases enhances overall security.
- Data Retention: Customer data can be securely deleted upon request or post-subscription termination.
- Data Encryption: All REST API transmissions are HTTPS-protected, and we use TLS for data encryption.
- Cloud & Managed Infrastructure: Leveraging Google Cloud's infrastructure ensures robust data security.
- Access Control: Stringent access controls restrict data access to authorized personnel only.
- Real-time Surveillance: Continuous monitoring ensures immediate response to potential security threats.
- Comprehensive Logging: Detailed API call logs facilitate effective security analysis and auditing.
- Multi-Tenant Architecture: Ensures logical segregation and isolation of customer data.
- Third-Party Security Compliance: We partner with third-party services that meet our high standards for security and privacy.
- Data Privacy: We are committed to protecting customer data privacy and do not sell or share data for marketing purposes.
- Authentication Standards: We utilize OAuth 2.0 for secure user authentication.
Incident Response Plan
At livecopy, we are prepared to swiftly and effectively address any security incidents to minimize impact and protect our users' data. Our comprehensive Incident Response Plan includes:
- Detection and Identification: Continuous monitoring of our systems to promptly detect and identify potential security incidents.
- Response Team: A dedicated, trained incident response team ready to address security incidents.
- Containment and Eradication: Immediate steps to contain and eradicate threats upon detection, preventing further damage.
- Recovery: Implementation of procedures to restore affected services or data to full functionality.
- Notification: Prompt notification to affected users in the event of a significant breach, in compliance with relevant laws and regulations.
- Post-Incident Analysis: Thorough analysis after an incident to identify causes, learn from the event, and implement improvements to prevent future occurrences.
Our Incident Response Plan is regularly reviewed and updated to ensure its effectiveness in the face of evolving security threats.
User Control and Privacy
User autonomy over their data is a cornerstone of our policy:
- Account Deletion: Users can delete their accounts at any time, which leads to the complete deletion of their data from our servers and third-party services.
- Data Export: Users can request a comprehensive data export at any time.
- Email Addresses: If you connect a third-party ticketing service (e.g. Jira, Linear, etc.), we may fetch email addresses of users assigned to issues in order to sync them to GitHub users. We do not store this data; we fetch it at runtime as needed.
Communication and Policy Updates
Our commitment to transparency extends to how we communicate policy changes:
- Updates Notification: Any changes to our Privacy Policy will be posted on our website. We advise users to review the policy periodically for updates.
- Effective Dates: Changes are effective upon posting on our website.
User Feedback and Concerns
We at livecopy value our users' feedback and are committed to addressing any security concerns they may have:
- Open Communication Channels: Users are encouraged to report any security concerns or vulnerabilities they may encounter through our dedicated support channel at support@livecopy.ai.
- Feedback Review: All feedback and concerns are reviewed by our security team and are used to guide improvements in our security practices.
- User Collaboration: We believe in collaborating with our user community to enhance the security of our platform. Suggestions and feedback are not only welcomed but are an integral part of our security strategy.
- Transparency in Updates: When user feedback leads to changes or updates in our security practices or policy, we communicate these changes to all users to maintain transparency and trust.
Your voice is essential to us, and we are committed to ensuring that your experience with livecopy is secure, reliable, and responsive to your needs.
Contact Information
For any inquiries or concerns regarding our Privacy Policy, please contact us at support@livecopy.ai.