MergeWise LogoMergeWise

Privacy

Privacy policy

Learn how MergeWise collects, uses, and protects data when you connect Asana, GitHub, and your team accounts.

What we collect

Data we process to deliver reviews

We collect only the data required to run AI-assisted reviews, keep workspaces secure, and support your team.

Scope

Account and workspace details

  • Contact information you provide such as name and email address to set up your workspace.
  • Workspace metadata including team name, connection settings, and plan selection to operate the service.
  • Authentication and session data needed to secure access and honor logout requests.

Integration data

  • GitHub repository metadata, pull request links, comments, and labels required to run AI reviews.
  • Asana project metadata, task links, and webhook payloads used to map work and trigger reviews.
  • API tokens or installation identifiers needed to connect third-party services; secrets are stored securely.

Usage and telemetry

  • Event logs about review runs, errors, and sync status to troubleshoot and improve reliability.
  • Billing-related usage counts such as review volume and watched projects to calculate subscription charges.

Usage

How we use information

Clear purposes aligned to running reviews and keeping the platform reliable.

Operate and improve the product

We process integration data to ingest pull requests, generate AI feedback, and deliver results back to Asana and GitHub.

Security and abuse prevention

Logs and telemetry help detect misconfigurations, enforce rate limits, and investigate suspicious activity.

Support and communications

Contact details are used to send critical notices, respond to support requests, and share service updates you opt into.

Billing and account administration

Plan selection, usage metrics, and payment preferences power invoicing, receipts, and quota management.

Product analytics

Aggregated, de-identified trends (like feature adoption and workflow throughput) help prioritize reliability work and new capabilities.

AI handling

How AI models are used

We send only the context needed to produce review insights, safeguard prompts, and inspect outputs to keep feedback useful and safe.

Model safety

Model providers

We use reputable AI providers to generate review suggestions. Requests contain only the minimum context needed to create actionable feedback.

Prompt and output hygiene

Prompts exclude secrets and are automatically trimmed to relevant code diffs. Outputs are logged for quality control without exposing unrelated repository content.

Evaluation and tuning

We review anonymized samples to improve accuracy and may fine-tune on de-identified snippets, never on private tokens or credentials.

Sharing

When data is shared

We limit sharing to trusted providers, integrations you activate, and required legal scenarios.

Vetted processors

We rely on infrastructure and analytics providers that meet our security requirements and process data under contract.

Third-party integrations you enable

When you connect GitHub or Asana, we exchange the minimum necessary data to fetch context, publish comments, and sync status.

Legal and safety requirements

We may share information to comply with law, enforce terms, or protect the rights and safety of users and the service.

Protection

Retention and security

We balance operational needs with safeguards that protect your integrations and data.

Stewardship

Retention

We keep operational data for as long as needed to deliver the product and meet legal obligations. Review artifacts and logs are trimmed based on workspace needs and plan limits.

Security practices

Secrets are stored securely, access is restricted to authorized personnel, and we monitor for abnormal access patterns.

Locations and cookies

Where data lives and how sessions work

Understand our hosting regions, transfer safeguards, and the limited cookies we set.

Data hosting

Primary systems run in the United States with redundant storage and backups. Access is restricted via role-based controls and auditable approvals.

International transfers

If data moves across regions, we rely on appropriate safeguards such as Standard Contractual Clauses and vendor data processing agreements.

Cookies and local storage

We use functional cookies and local storage for authentication sessions, feature flags, and remembering your workspace selection. No advertising cookies are used.

Your choices

Control and requests

Manage your workspace data or contact us when you need help with corrections or deletions.

Access and updates

You can update account information, rotate tokens, and manage workspace settings from the dashboard. Contact support to request corrections if needed.

Data removal

To close a workspace or delete integration data, submit a request via support. Deletions may be delayed where law or security obligations require retention.

Communication preferences

You can opt out of non-essential updates at any time. Service and security notifications remain required for account safety.

Legal

Your rights and responsibilities

We respect regional privacy rights and clarify how MergeWise processes data under contract and legitimate interests.

Transparency

Your rights

Depending on your region, you may have rights to access, correct, export, object to, or delete personal data. We honor verified requests and explain any legal limits.

Lawful bases

We process data primarily to perform our contract with you (workspace operations) and pursue legitimate interests (security, product improvement) while respecting opt-outs.

Team responsibilities

Workspace admins are responsible for informing collaborators about these practices and ensuring integrations are configured in line with their organization policies.

Contact

Questions or requests?

Reach out to privacy@mergewise.ai for data access, deletion, or security inquiries. We respond promptly to support regulated teams.

Email privacy team