Privacy Policy

Last Updated: April 9, 2026

1. Introduction

HookBit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information from GitHub

When you connect your GitHub account, we collect:

  • Your GitHub username, email address, and profile information
  • Repository metadata (names, descriptions, URLs)
  • Webhook events (pull requests, issues, commits)
  • Repository code and content (only for repositories you explicitly connect)

2.2 Usage Information

We automatically collect:

  • IP addresses and browser information
  • Pages visited and features used
  • Timestamps of interactions
  • Device and operating system information

2.3 Authentication Data

We store GitHub OAuth access tokens to interact with your repositories on your behalf. These tokens are stored encrypted using AES-256-GCM.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process AI-powered code reviews and suggestions
  • Send webhook notifications and updates
  • Improve our Service and develop new features
  • Detect and prevent security incidents
  • Comply with legal obligations

4. Data Sharing and Disclosure

4.1 Third-Party Services

We may share data with:

  • AI Service Providers: Code snippets are sent to AI models for analysis (Claude, OpenAI, etc.)
  • GitHub: We interact with GitHub APIs on your behalf
  • Infrastructure Providers: Hosting and database services (AWS, PostgreSQL)

4.2 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

5. Data Security

We implement industry-standard security measures:

  • AES-256-GCM encryption for GitHub access tokens
  • HTTPS/TLS encryption for all data in transit
  • JWT-based authentication with httpOnly cookies
  • Regular security audits and vulnerability scanning
  • Database encryption at rest
  • Audit logging for sensitive operations

6. Data Retention

We retain your data as long as your account is active or as needed to provide services. You may request deletion of your data at any time by deleting your account.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Withdraw consent for data processing
  • Object to automated decision-making

8. Cookies and Tracking

We use cookies for:

  • Authentication (JWT session cookies)
  • Security (CSRF protection)
  • Preferences and settings

Our cookies are set with the HttpOnly and Secure attributes: HttpOnly prevents client-side JavaScript from reading them, and Secure restricts them to HTTPS connections.

9. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service.

12. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

13. GDPR Compliance

For users in the European Union, we comply with GDPR requirements. You have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.