Privacy Policy

Last updated: February 24, 2026

1. Introduction

PRilot is an AI-powered tool that automates pull request creation by analyzing commit history and code diffs. This Privacy Policy describes what data we collect, how we use it, and your rights regarding that data. By using PRilot, you agree to the practices described below.

2. Data We Collect

We collect only the data necessary to provide the service:

  • Account data: Email address, username, and password (stored as a secure hash) when registering with email and password.
  • GitHub profile data: When signing in with GitHub OAuth, we receive your GitHub user ID and verified email address.
  • Repository metadata: Repository name, owner, visibility (public/private), and default branch — used solely to identify repositories linked to your account.
  • Generated PR data: The title, description, and branch information of pull requests generated within PRilot, stored so you can review and edit them before submitting.

3. What We Do Not Store

PRilot never stores your source code.

When generating a pull request, we fetch commit messages and file diffs from the GitHub API on your behalf. This data is used transiently — processed by our AI to produce a PR description — and is never written to our database. It may be briefly cached in Redis for performance purposes and expires automatically. No code is retained after the generation request completes.

4. GitHub Permissions We Request

PRilot requests the following GitHub permissions to function:

OAuth scopes (read-only)

  • read:user — Read your GitHub username and public profile.
  • user:email — Read your verified GitHub email address for account creation.

GitHub App permissions

  • Contents (read): Access commits and file diffs between branches in order to generate PR descriptions.
  • Pull requests (write): Submit the generated pull request to your repository on your behalf.

Important: PRilot cannot modify your source code, push commits, delete branches, or merge pull requests. Its write access is strictly limited to creating pull requests on your behalf.

5. How We Use Your Data

  • To create and manage your PRilot account.
  • To authenticate you via GitHub OAuth or email and password.
  • To link your GitHub repositories and generate pull requests.
  • To send transactional email notifications (invitations, team updates, password resets) via Resend.
  • To enforce per-user usage limits and prevent abuse.

6. Third-Party Services

We rely on the following third-party providers to deliver PRilot. Each provider has its own privacy policy:

Cerebras AI

Our AI inference provider. Commit messages and code diffs are transmitted to Cerebras solely to generate PR titles and descriptions. Cerebras does not retain your data beyond the inference request.

GitHub

Repository access and OAuth provider. We interact with the GitHub API under the permissions you explicitly grant when installing the PRilot GitHub App.

Resend

Email delivery service used to send invitations, team notifications, and password reset emails. Only the recipient address and email body are transmitted.

Upstash (Redis)

In-memory cache and rate-limiting layer. Used to temporarily cache GitHub API responses (commits, diffs) and enforce usage quotas. Cached data expires automatically.

7. Data Retention

Account data is retained as long as your account is active. You may request deletion of your account at any time, after which your personal data will be removed from our systems. Generated PR records are tied to your account and can be deleted individually. Authentication tokens expire automatically according to their configured lifetime.

8. Security

Passwords are hashed and are never stored in plaintext. Sessions use short-lived JWT access tokens paired with longer-lived refresh tokens. All communication between your browser and PRilot is encrypted over HTTPS.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of PRilot after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or your data, please open an issue in the PRilot repository or contact us through the project's official channels.