Privacy policy

Effective as of December 7th 2020

You're probably here expecting a fairly lengthy document of legalese about how we do and don't collect info and how you can delete any information we collect & store. Don't worry - that's all here - but before we dive into that we wanted to quickly give an overview of how your code is kept private via Sourcery, why you need a Token to get started, and what info we do and don't collect when you use our IDE plugins, GitHub integration, or CLI.

We're a team of developers here at Sourcery and we know how important the privacy and security of your code is. That's why we're taking every step to ensure that your code is being kept private and that our analysis is being done fully locally.

In your IDE & with the Sourcery CLI

  • All analysis is done fully locally. We don't send any of your code to our servers or see any of your code in any way.
  • We collect basic usage statistics (eg. how many refactorings we're suggesting, which types of refactorings are they, and did you accept them or not) so that we can continue to improve the Sourcery product and offer better suggestions in the future.
  • We collect basic usage statistics (eg. how many refactorings we're suggesting, which types of refactorings are they, and did you accept them or not) so that we can continue to improve the Sourcery product and offer better suggestions in the future.
  • You need to enter a token to verify that you have a Sourcery account with the right level of feature access (Free, Pro, or Team). You can get your token from your dashboard. Sourcery checks your token every 2 weeks, otherwise you can use Sourcery fully offline.

In GitHub

  • For GitHub cloud, our analysis is done on our servers, refactorings are proposed to your repo as a pull request, and then all of the code we were analyzing is immediately deleted. We do not store any of your code.
  • We collect basic usage statistics (eg. how many refactorings we're suggesting, which types of refactorings are they, and did you accept them or not) so that we can continue to improve the Sourcery product and offer better suggestions in the future.
  • All the information we collect on the product usage is stored in Mixpanel and you can request that we delete it at any point by emailing us at
At the end of the day we're trying to do everything we can to offer you incredible improvements to your code while maintaining the privacy and security of your code base. If you have any questions about our approach please let us know at

Now on to the legal details:

This document describes the information that we (“Sourcery AI Limited”) collect when you interact with our website and services.

Information we collect

We are the data controller for the following information:

  • Information about yourself that you voluntarily provide to us such as your name, email address and other contact information.
  • Anonymised usage data collected by our services. These include information on your OS version and the versions of our services that you use, as well as anonymised reports of which types of refactorings have been suggested and accepted. We do not collect information on your code.
  • Anonymised error reports provided by the third-party error reporting service, which is fully GDPR and EU-US Privacy Shield compliant.
  • Information provided to us by cookies and related technologies such as Google Analytics.

More on cookies

A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the Service each time the visitor returns. Sourcery uses cookies to help Sourcery identify and track visitors. Sourcery visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies when using Sourcery's website.

What we use the information for

Sourcery collects information to provide a better service to all our users and visitors. We use the information to provide, maintain, protect and improve our website and services. If you have signed up to receive updates from us we will use your information to periodically contact you with information about our products and services. Our legal basis for processing the information we are the data controller for, is the implicit consent that you provide when submitting your information through a website form or emailing us. In some circumstances, we may also process information on the basis of our legitimate interest in improving our service.

Third part service providers

Sourcery uses services from auth0, GitHub, and Google to allow users to create and log into accounts. No additional information is shared with these service providers outside of the information required to create and log into an account.

Sourcery uses payment services from Stripe to process payments for Sourcery Pro and Team services. No additional information is shared with Stripe outside of the information required to create and manage invoices, payments, and subscriptions.

Sourcery uses analytics services from Google Analytics. All information sent to Google Analytics is anonymized.

Sharing the information

We do not share the information with any external third parties, except as detailed in this document.

Storage and security

Sourcery uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. You understand that although you retain full rights to your data, it may be stored on third-party storage and transmitted through third-party networks. We take careful technical measures to ensure that your information is secure and inaccessible to unauthorized parties. We also continuously work on new features to improve security. We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data.

Your rights

You have the following rights in respect of your personal data:

  • Access - Request information about personal data we hold on you
  • Rectification - Correct or update your personal data
  • Objection - Object to processing of personal data based on our legitimate interests
  • Restriction - Ask us to retain but otherwise stop actively processing personal data
  • Erasure - Request deletion of your personal data
  • Portability - Request your personal data in machine-readable format
  • Withdrawal - Withdraw consent for future processing, if we process based on your consent
  • Decisions - To not be subject to significant decisions based solely on automated processing
  • Complaints - Contact the Information Commissioner's Office with complaints about our processing (
Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person's personal data or when there is an overriding interest or conflicting legal obligation).


Although most changes are likely to be minor, Sourcery may change its Privacy Policy from time to time, and in Sourcery's sole discretion. Sourcery encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Contact us

If you have any questions about this Privacy Policy or want to officially request, review, delete or anything else about your personal data, please contact us at and we will work with you to identify and follow the appropriate process to satisfy your request.