Privacy Policy

Last Updated: March 11, 2026

Triavo provides GitHub repository analysis and AI-powered engineering insights. This Privacy Policy explains what information we collect, how we use it, and the choices available to users and organizations that use Triavo.

Information We Collect

• Account information: We may receive GitHub account identifiers associated with app installations and repository activity, such as usernames, user IDs, and organization/repository ownership context.
• GitHub repository data: To provide functionality, we process repository metadata and selected repository activity data, including issue titles and bodies, issue comments needed for Triavo commands, commit metadata (for example commit SHA, author username, message, and timestamp), pull request metadata, contributor statistics, and assignment-related metadata.
• Usage data: We collect service interaction data such as installation context, webhook event types/actions, and feature usage needed to operate and improve Triavo.
• Log data: We collect operational and error logs (for example request timestamps, webhook delivery IDs, repository identifiers, issue numbers, processing outcomes, and error traces) for reliability, security monitoring, and debugging.
• Cookies and tracking technologies: Triavo’s web interface does not use advertising cookies or third-party analytics trackers at this time. We may rely on essential infrastructure-level technologies (for example host or load-balancer level technical cookies/logs) necessary to securely operate the service.

How We Use Information

We use collected information to:

• Provide AI analysis: Generate assignee recommendations, semantic similarity results, summaries, and related repository insights.
• Improve the service: Evaluate quality, troubleshoot failures, monitor performance, and refine ranking/model behavior.
• Security and fraud prevention: Verify webhook authenticity, prevent duplicate or abusive requests, and protect service integrity.
• Service communication: Post Triavo-generated comments/actions in connected GitHub repositories and respond to support or operational communications.

GitHub Data Access

Triavo accesses GitHub data through GitHub authorization mechanisms (including GitHub OAuth/GitHub App authorization and installation tokens). We only request and process repository metadata and activity data required to deliver Triavo’s core functionality. We do not use GitHub data for unrelated advertising purposes.

Third-Party Services

Triavo relies on third-party infrastructure and processors. Depending on deployment, these may process limited data as needed to provide their services:

• GitHub API: Provides repository metadata and activity data; receives Triavo API actions (for example posting issue comments or assignment actions) authorized by your installation permissions.
• Render (hosting): Hosts backend services and may process request metadata, operational logs, and runtime telemetry required for infrastructure operations.
• Neon (PostgreSQL): Stores operational application records, such as suggestion history and webhook delivery deduplication records.
• Qdrant (vector database): Stores vector embeddings and associated commit payload metadata used for semantic search and similarity scoring.
• AI model providers: Process issue text and repository-derived text (such as commit messages) to generate embeddings, summaries, and AI insight outputs.

Data Storage and Security

We use commercially reasonable technical and organizational safeguards, including:

• Encryption in transit (for example TLS/HTTPS) for service communications.
• Managed cloud infrastructure security controls from our hosting and database providers.
• Access controls and credential/secret management designed to limit unauthorized access.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain data only as long as needed for service operation, legitimate business purposes, and legal compliance. Retention may vary by data type, including:

• Webhook delivery deduplication records retained for a limited operational window (currently targeted at approximately 30 days, configurable by environment).
• Suggestion records and vectorized repository context retained while needed to provide and improve Triavo features.

We may delete or de-identify data when it is no longer required, upon verified request where applicable, or as required by law.

Data Sharing

We do not sell personal information. We share data only:

• With required infrastructure and processing providers described above.
• As directed by the user/organization through authorized product actions.
• When required by law, legal process, or to protect rights, safety, and service integrity.

User Rights

Subject to applicable law, users may have rights to:

• Access: Request information about personal data we process.
• Deletion requests: Request deletion of applicable personal data.
• Data portability: Request a portable copy of data where legally required and technically feasible.

To exercise rights, contact us using the details below. We may request verification before fulfilling requests.

Children's Privacy

Triavo is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. Material changes may also be communicated through the product or other appropriate channels.

Contact Information

For questions, contact:

• Support Email: [email protected]