Privacy policy

Effective as of August 27th 2024

You're probably here expecting a fairly lengthy document of legalese about how we do and don't collect info and how you can delete any information we collect & store. Don't worry - that's all here - but before we dive into that we wanted to quickly give an overview of how your code is kept private via Sourcery, why you need a Token to get started, and what info we do and don't collect when you use our IDE plugins, GitHub integration, or CLI.

We're a team of developers here at Sourcery and we know how important the privacy and security of your code is. That's why we're taking every step to ensure that your code is being kept private and that our analysis is being done fully locally as much as possible.

In this page we'll refer to two separate pieces of the Sourcery product - the Sourcery Coding Assistant and Code Review.

What are the Sourcery Coding Assistant and Sourcery Code Review?

The Sourcery Coding Assistant is our AI-powered pair programmer which looks to assist you with tasks such as code reviews, troubleshooting code problems, generating docstrings or tests, explaining code, etc. The Sourcery Coding Assistant uses third-party Large Language Models to provide its functionality and requires us to be able to send messages and code context to those models to function. We collect message data (but not your code) to allow us to improve the quality of our responses.

Sourcery Code Review is our GitHub and GitLab integration to provide automatic code review on every pull request or merge request you make. Sourcery Code Review uses third party Large Language Models to provide its functionality and requires us to be able to send messages and code context to those models to function.

In your IDE & with the Sourcery CLI

  • For the Sourcery Coding Assistant code sections and messages are sent to third-party Large Language Model (LLM) providers (such as OpenAI, Anthropic, etc) using their APIs. This data passes through our servers but we do not store any of your code. All LLM providers we work with do not use any of your code or messages to train their models and do not store any of your data for more than 30 days. Zero retention options are available as needed (provided via Anthropic). These require a Sourcery Pro license and can be requested by contacting teams@sourcery.ai.

    No code will ever be sent off of your device unless you trigger a Sourcery interaction such as messaging through the Sourcery chat, choosing a recipe such as Generate Tests, or triggering a code review. Applying the in-line suggestions does not result in any LLM request or any code being sent from your machine.
  • We collect basic usage statistics (e.g. how many refactorings we're suggesting, which types of refactorings are they, and did you accept them or not) and the messages you send to the Coding Assistant so that we can continue to improve the Sourcery product and offer better suggestions in the future. You can opt out of our collection of this data by disabling telemetry in your IDE settings.
  • You need to enter a token to verify that you have a Sourcery account with the right level of feature access (Open Source, Pro, or Team). You can get your token from your dashboard. Sourcery checks your token every 2 weeks, otherwise you can use Sourcery fully offline.

In GitHub

  • For GitHub Cloud, GitLab Cloud, & GitLab self-hosted Code Review our analysis is conducted on our servers and using third-party Large Language Model (LLM) providers (such as OpenAI, Anthropic, etc) using their APIs. This data passes through our servers but we do not store any of your code. All LLM providers we work with do not use any of your code or messages to train their models and do not store any of your data for more than 30 days. Zero retention options are available as needed (provided via Anthropic). These require a Sourcery Pro license and can be requested by contacting teams@sourcery.ai.
  • We collect basic usage statistics (e.g. how many refactorings we're suggesting, which types of refactorings are they, and did you accept them or not) so that we can continue to improve the Sourcery product and offer better suggestions in the future.
  • All the information we collect on the product usage is stored in Mixpanel and you can request that we delete it at any point by emailing us at info@sourcery.ai.

At the end of the day we're trying to do everything we can to offer you incredible improvements to your code while maintaining the privacy and security of your code base. If you have any questions about our approach please let us know at hello@sourcery.ai.

Now on to the legal details:

This document describes the information that we (“Sourcery AI Limited”) collect when you interact with our website and services.

Information we collect

We are the data controller for the following information:

  • Information about yourself that you voluntarily provide to us such as your name, email address and other contact information.
  • Anonymised usage data collected by our services. These include information on your OS version and the versions of our services that you use, as well as anonymised reports of which types of refactorings have been suggested and accepted. We do not collect information on your code.
  • Anonymised error reports provided by the third-party Sentry.io error reporting service, which is fully GDPR and EU-US Privacy Shield compliant.
  • Information provided to us by cookies and related technologies such as Google Analytics.
  • Code and conversation histories sent through the Coding Assistant to third-party LLM providers (such as OpenAI, Anthropic, etc.). You have the option to request to use models that have a zero retention policy in place.

More on cookies

A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the Service each time the visitor returns. Sourcery uses cookies to help Sourcery identify and track visitors. Sourcery visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies when using Sourcery's website.

What we use the information for

Sourcery collects information to provide a better service to all our users and visitors. We use the information to provide, maintain, protect and improve our website and services. If you have signed up to receive updates from us we will use your information to periodically contact you with information about our products and services. Our legal basis for processing the information for which we are the data controller is the implicit consent that you provide when submitting your information through a website form or emailing us. In some circumstances, we may also process information on the basis of our legitimate interest in improving our service.

Third-party service providers

Sourcery uses services from auth0, GitHub, and Google to allow users to create and log into accounts. No additional information is shared with these service providers outside of the information required to create and log into an account.

Sourcery uses payment services from Stripe to process payments for Sourcery Pro and Team services. No additional information is shared with Stripe outside of the information required to create and manage invoices, payments, and subscriptions.

Sourcery uses analytics services from Google Analytics. All information sent to Google Analytics is anonymized.

Sharing the information

We do not share the information with any external third parties, except as detailed in this document.

Storage and security

Sourcery uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. You understand that although you retain full rights to your data, it may be stored on third-party storage and transmitted through third-party networks. We take careful technical measures to ensure that your information is secure and inaccessible to unauthorized parties. We also continuously work on new features to improve security. We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data.

Your rights

You have the following rights in respect of your personal data:

  • Access - Request information about personal data we hold on you
  • Rectification - Correct or update your personal data
  • Objection - Object to processing of personal data based on our legitimate interests
  • Restriction - Ask us to retain but otherwise stop actively processing personal data
  • Erasure - Request deletion of your personal data
  • Portability - Request your personal data in machine-readable format
  • Withdrawal - Withdraw consent for future processing, if we process based on your consent
  • Decisions - To not be subject to significant decisions based solely on automated processing
  • Complaints - Contact the Information Commissioner's Office with complaints about our processing (https://ico.org.uk/concerns)

Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person's personal data or when there is an overriding interest or conflicting legal obligation).

Updates

Although most changes are likely to be minor, Sourcery may change its Privacy Policy from time to time, and in Sourcery's sole discretion. Sourcery encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Contact us

If you have any questions about this Privacy Policy or want to officially request, review, delete or anything else about your personal data, please contact us at info@sourcery.ai and we will work with you to identify and follow the appropriate process to satisfy your request.