Privacy Policy
Last updated: March 2026
1. Who we are
DocuGardener ("DocuGardener", "we", "us", "our") is a documentation drift detection service that integrates with GitHub to analyse code changes and surface documentation inconsistencies. This policy explains how we collect, use, and protect personal data when you use our service.
For questions about this policy, contact us at [email protected].
2. Data we collect and why
Account and identity data — name, email address, and profile information received via GitHub OAuth or email magic-link authentication. Used to authenticate you and associate your activity with your organisation.
Tenant and organisation settings — repository configuration, integration credentials (stored encrypted), plan and billing metadata, role assignments, and invite records. Used to operate the service for your organisation.
Usage and operational data — triage actions, dismiss reasons, job results, drift scores, and activity logs. Used to provide the service and generate analytics visible to your team.
Billing data — subscription status and billing metadata processed via Stripe. We do not store full card details. Stripe's privacy policy governs payment data.
Support communications — messages you send us when reporting issues or requesting support.
3. Repository content — transient processing
DocuGardener analyses repository content (code, documentation files, PR diffs) to detect documentation drift. This content is processed transiently in ephemeral analysis environments. We do not store customer source code as long-term application data after analysis completes.
Analysis outputs — drift scores, suggested documentation changes, check-run annotations, and audit records — may be persisted as part of normal service operation. These outputs are derived artefacts, not retained copies of your source code.
We will not use your repository content or documentation to train our own AI models. Customer content remains your intellectual property.
Your code, PR content, and documentation are never used to train any AI model — whether hosted by DocuGardener or configured by your organisation in BYOK mode.
Analysis is ephemeral: code is processed in RAM and wiped immediately after each analysis job completes. No source code is written to long-term storage.
See /trust for model-specific training data transparency, including links to each LLM provider's own published model cards.
4. AI model routing and BYOK
DocuGardener supports three AI routing modes. The mode your organisation uses affects how analysis requests are handled:
- Hosted — analysis requests are routed to a hosted LLM provider on your behalf. The provider's data-use terms apply.
- BYOK Cloud — requests are routed directly to your configured cloud provider (e.g. OpenAI, Anthropic, Google Vertex, Azure OpenAI) using your own credentials. That provider's own privacy policy and data-use terms apply.
- BYOK Local — requests are routed to a locally deployed model (e.g. Ollama). No repository content leaves your network for AI processing.
Your organisation's chosen mode is visible in the DocuGardener Settings page under AI Configuration.
5. Audit logging
Security-relevant actions — logins, triage decisions, role changes, settings modifications, and evidence exports — are recorded in a tamper-evident audit log using SHA-256 hash chaining. This log is retained to support your compliance and security review obligations. Audit log data may contain user identifiers and action metadata.
6. Data sharing and subprocessors
We share data only with subprocessors necessary to operate the service — including our cloud hosting provider, database infrastructure, and Stripe for billing. We do not sell personal data to third parties.
Enterprise customers may request the current subprocessor register by contacting [email protected].
7. Data retention
Account and organisation data is retained for the duration of your subscription and a reasonable wind-down period following termination.
Audit logs are retained for compliance purposes in line with your plan's retention settings.
Repository content processed during analysis is not retained after the analysis job completes, as described in Section 3.
8. International data transfers
If your organisation is based outside the country where our infrastructure is hosted, data may be transferred internationally. We take steps to ensure appropriate safeguards are in place. Customers in regulated jurisdictions should contact us to discuss applicable transfer mechanisms, including standard contractual clauses where required.
9. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. Organisation admins can manage most user data directly from the Settings page. For other requests, contact [email protected].
10. Security
We use encryption in transit (TLS) and at rest for credentials and sensitive metadata. Access to production systems is restricted and access events are logged. Our architecture uses tenant isolation to prevent cross-organisation data access.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to organisation admins or via an in-app notice. Continued use of the service after a change constitutes acceptance of the updated policy.