Privacy Policy

Effective May 24, 2026

Summary

CrossCheck is operated by an independent developer (“we”, “us”). We provide a hosted code-review service that runs automated reviews on pull requests in your source-control system. This policy describes what we collect, why, how long we keep it, who we share it with, and how to contact us about it.

The short version: we collect the minimum needed to run the service, bill it, and improve it. We do not sell your data. We do not retain your repository — it is fetched into an isolated environment that is destroyed at the end of every review. What we keep is the review record (pass/fail outcomes, summaries, line references) and, inside that record and in our LLM call traces, the short code excerpts the reviewer cited as evidence (see “Review records” and “LLM call data” below).

Who this applies to

This policy applies to visitors to cross-check.dev (and related subdomains), users who sign in to the product, and end users whose pull-request metadata (and, in quoted evidence excerpts, code) flows through the service via a GitHub App installation an account owner has authorised.

Service availability

CrossCheck is offered to customers in the United States and other jurisdictions where we operate. The service is not offered to residents of the European Economic Area, the United Kingdom, or Switzerland, and residents of those regions should not sign up or install the GitHub App on accounts they control. We do not knowingly process the personal data of EEA, UK, or Swiss residents, and we do not represent that the service is compliant with the GDPR or the UK GDPR. If you sign up from one of those regions and we discover it, we may suspend the account and delete the associated data.

Information we collect

Account information

Provided when you sign in or sign up via WorkOS AuthKit:

  • Name and email address.
  • Identifiers issued by the identity provider (a stable user ID and organisation ID).
  • Organisation name and URL slug you choose at sign-up.
  • Membership and role within each organisation you belong to.

Billing information

Payments are processed by Stripe. Card numbers and bank details are handled by Stripe directly and never reach our servers. From Stripe we receive and store:

  • A Stripe customer ID and subscription ID.
  • The plan you selected, seat count, trial status, and renewal state.
  • The billing email associated with the customer.
  • Card brand and last four digits (for display in the UI).

Source-control data

When an account owner installs the CrossCheck GitHub App on an organisation, GitHub lets us mint short-lived installation tokens scoped to the repositories and permissions that owner authorised at installation time. We use those tokens to:

  • Receive webhook events about pull requests (opened, updated, closed).
  • Fetch metadata about pull requests (title, author, head SHA, branch names, commit messages, file lists).
  • Post review comments and approvals on pull requests when configured to do so.
  • Clone the repository at the pull-request head SHA into an isolated, single-use sandbox so the reviewer can read the diff.

Installation tokens are requested from GitHub fresh for each review by presenting a JWT signed with the App’s private key; GitHub issues them with a one-hour TTL, and we do not store them.

Review records

For every pull request we review we persist a record containing:

  • The repository identifier and pull-request number.
  • The head SHA and branch the review ran against.
  • The list of statements (checks) evaluated and their pass / fail / needs-review outcome.
  • Short text summaries and evidence excerpts generated by the reviewer (these may quote small snippets of your code — the line ranges the reviewer cited).
  • Per-statement usage events (counted in “credits”) so we can attribute spend back to your organisation.

Product analytics

We use PostHog to measure product usage — which pages get visited, which features get used, where users drop off in onboarding. PostHog sets cookies in your browser and assigns a pseudonymous device ID only after you accept the consent banner at the bottom of the page. If you decline, your opt-out is stored locally and respected thereafter. We do not run advertising trackers and do not share analytics data with third parties.

We also use Sentry for error monitoring. When the product throws an error in your browser, Sentry collects a stack trace, the URL, a user agent string, and (where helpful) a recording of the UI session that led to the error. Recordings are sampled at roughly 10% of sessions by default, and at 100% of sessions in which an error fires. Recordings mask password inputs and other sensitive form fields.

LLM call data

CrossCheck routes review traffic through a self-hosted LiteLLM gateway in front of large-language-model providers (see Subprocessors below). For every call we record the model, token counts, latency, cost, and the request / response payload in Langfuse so we can debug review failures and bill correctly. These payloads can include excerpts of your diff that the reviewer chose to inspect, and unlike the sandbox clone they remain in the trace after the review finishes.

How we use information

  • To run reviews on the pull requests you ask us to.
  • To authenticate you, manage organisation membership, and enforce permissions.
  • To take payment, issue receipts, and manage subscriptions.
  • To show you the result of past reviews and how many credits you have used.
  • To debug failures, improve the product, and decide what to build next.
  • To communicate with you about service issues, billing, and (if you opt in) product updates.

We do not use your source code, diffs, review records, or LLM payloads to train any machine-learning model.

Source code

Your repository is never written to our durable storage; the only code that persists is the short excerpts quoted in review records and LLM call traces (see above). For each review we:

  1. Mint a short-lived GitHub installation token and use it to shallow-clone your repository at the pull-request head SHA.
  2. Run the review inside an isolated sandbox container that has no network access to the public internet beyond the LLM gateway.
  3. Destroy the container, its filesystem, and the clone at the end of the review. Nothing persists between runs.

The review record we keep (see above) may quote short excerpts of your code — the specific line ranges the reviewer flagged — in the evidence field. If that is a problem for your team, contact us before installing the App.

Sharing and subprocessors

We do not sell personal data. We share data only with subprocessors that are necessary to operate the service:

  • WorkOS — authentication, session management, and organisation directory.
  • Stripe — payment processing and subscription management.
  • GitHub — source-control access via the CrossCheck GitHub App.
  • Anthropic, OpenAI, Lilac, OpenRouter — large-language-model providers we call to run the reviewer. Calls go out from our LiteLLM gateway with our own credentials; the providers see review prompts and the code excerpts they contain, but do not see your account, organisation, or billing data.
  • Langfuse — LLM call traces and cost attribution.
  • PostHog — product analytics and the cookie consent banner.
  • Sentry — error monitoring and session replay.

We may also disclose information when required by law, when needed to protect the rights, property, or safety of CrossCheck or others, or as part of a merger, acquisition, or asset sale (with prior notice where practicable).

Cookies and similar technology

We use a small number of cookies and browser-storage entries:

  • A sealed session cookie set by AuthKit after you sign in. It identifies your session to the server and expires when the session does.
  • PostHog analytics cookies and local-storage entries (only after you accept the consent banner; opt-out preference itself is stored in local storage).
  • Sentry uses local storage to maintain its sampling decisions across navigation.
  • Local-storage entries the product itself uses for UI preferences (collapsed sidebar state, theme).

You can clear cookies and local storage at any time via your browser’s settings. Signing out invalidates the session cookie.

Retention

  • Account and organisation records are kept for the life of your account. Deleting your organisation removes them.
  • Review records (including the code excerpts in their evidence fields) are kept indefinitely so you can audit past reviews. You can delete an organisation (and its reviews) from the settings page or by emailing us.
  • Source code is not retained — the sandbox is destroyed at the end of each review.
  • Installation tokens are not stored. They are minted per request and expire within an hour.
  • Billing records are retained for as long as Stripe and applicable tax law require.
  • Analytics and error logs are retained in line with the defaults of the upstream tool (typically 30 days to a few months).

Security

We follow standard practices for a small SaaS: TLS on every connection in transit, secrets stored encrypted at rest, least-privilege database access, isolated single-use sandboxes for review execution, and structured logging that excludes secrets. No system is perfectly secure; if you discover a vulnerability, please email [email protected] and we will acknowledge within two business days.

Where data is processed

The service and its subprocessors run on infrastructure located in the United States. By using CrossCheck you accept that your data will be transferred to and processed in the United States. We do not operate infrastructure in the European Economic Area, the United Kingdom, or Switzerland, and we do not offer the service to residents of those regions (see “Service availability” above).

Your rights

If you are a California resident, the CCPA gives you the following rights with respect to the personal information we hold about you:

  • The right to know what personal information we have collected and how we use it.
  • The right to ask us to delete your account and the personal information associated with it.
  • The right to ask us to correct inaccurate personal information.
  • The right to ask us to export your data in a portable format.
  • The right to opt out of the “sale” or “sharing” of personal information — we do neither, so there is nothing to opt out of.
  • The right not to be discriminated against for exercising any of these rights.

Regardless of where you live, every account holder can:

  • Opt out of product analytics via the cookie consent banner; the preference is honoured thereafter.
  • Delete an organisation (and its review records) from the organisation settings page.
  • Ask us to delete the account and associated data by emailing the address below.

To exercise any of these rights, email [email protected]. We will respond within 45 days. We may need to verify your identity before acting on a request.

Children

CrossCheck is a developer tool intended for use in a professional context. It is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13 (COPPA). If you believe a child has provided us with personal information, please email us so we can delete it.

Changes to this policy

We may update this policy from time to time. When we do, we will change the effective date at the top of this page. Material changes will be announced via the in-product notification surface or by email to the account owner before they take effect.

Contact

Questions, requests, or complaints about this policy or our handling of your data should be sent to [email protected]. For broader product support see the support page.