Legal
Privacy policy
We're finalizing our public privacy policy ahead of launch. In the meantime, here's what's true about how we handle your data:
- Read-only by default. We never write to your code, your branches, or your files. Read scopes on a GitHub App that you control. The only write scope we ever request is pull_requests: write, opt-in per workspace and only granted when you explicitly enable GitHub PR Comments.
- Default-deny on repo visibility. A repository is invisible to Releap until a workspace admin explicitly enables it.
- Encryption at rest. GitHub installation tokens, BYO LLM API keys, and integration credentials are AES-256-GCM encrypted with keys held in a managed secret store. Indexed code content (chunks), query history, KB articles, and ticket and release-note bodies are encrypted at the application layer using AES-256-GCM with per-workspace keys before being written to the database.
- Query history retention. Pro = 90 days, Business = 180 days, Enterprise = configurable. Aged rows are hard-deleted by the daily lifecycle worker.
- BYO LLM (Enterprise). When configured, prompts and embeddings route exclusively through your endpoint — code never leaves your network. Enterprise workspaces can additionally configure customer-managed encryption keys (CMEK), supplying a GCP KMS key that wraps the workspace data encryption key. Disabling the key or revoking Releap's IAM grant immediately prevents any further decryption of workspace content.
For a copy of our current data-processing posture or a Data Processing Agreement, email sales@releap.app.