Privacy Policy
1. Introduction
Welcome to Reflog.ai, operated by SVNK Technologies. We are committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, which helps development teams learn from code reviews through AI-powered analysis. Please read this policy carefully to understand our practices regarding your personal data.
2. Data Controller
The data controller responsible for your personal data is:
Company: SVNK Technologies
Legal Form: Société par Actions Simplifiée (SAS)
Share Capital: €1,000
Address: 78, Avenue des Champs-Élysées, Office 326, 75008 Paris, France
Registration Number: 945306975
Tax ID: FR31945306975
Email: contact@reflog.ai
3. Data We Collect
We collect different types of information to provide and improve our service:
3.1 Account Information
- Email address
- GitHub username and profile information
- Account preferences and settings
- Subscription plan and billing information
3.2 GitHub Integration Data
- GitHub OAuth access tokens
- Repository information (names, URLs, metadata)
- Pull request data (code changes, comments, reviews)
- Commit history and authorship information
- Team and organization membership data
3.3 Code Review and Learning Data
- Source code from analyzed pull requests
- Review comments and feedback
- Learning points and identified mistakes
- Exercise completions and progress tracking
- Team standards and coding patterns
3.4 Usage and Analytics Data
- Log data (IP addresses, browser type, device information)
- Feature usage patterns and interaction data
- Performance metrics and error reports
- Session duration and navigation paths
3.5 Payment Information
- Payment method details (processed by Stripe, not stored by us)
- Billing address and tax information
- Transaction history and invoice records
4. Legal Basis for Processing
Under GDPR, we process your personal data on the following legal grounds:
- Contract Performance: Processing necessary to provide our services under our Terms of Service
- Legitimate Interests: Improving our service, preventing fraud, and ensuring security
- Legal Obligation: Complying with tax, accounting, and regulatory requirements
- Consent: For optional features like marketing communications (where consent is obtained)
5. How We Use Your Data
We use collected data for the following purposes:
- Providing and maintaining the Reflog.ai service
- Analyzing pull requests and generating learning insights
- Creating personalized learning paths and exercises
- Training and improving our AI models for code review analysis
- Managing your account and subscription
- Processing payments and maintaining transaction records
- Sending service-related notifications and updates
- Providing customer support and responding to inquiries
- Detecting and preventing fraud, abuse, and security threats
- Analyzing usage patterns to improve our service
- Complying with legal obligations and protecting legal rights
6. Data Sharing and Third Parties
We share your data with the following third-party service providers who process data on our behalf:
Supabase (Database and Infrastructure)
Hosts our database and backend infrastructure. Data is stored in secure data centers with GDPR compliance.
GitHub (Authentication and API)
Provides OAuth authentication and repository access. We access only the permissions you explicitly grant.
Stripe (Payment Processing)
Processes subscription payments securely. We do not store your full payment card details.
AI Service Providers
Third-party AI services process code and review data to generate insights. All processors are bound by data protection agreements.
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may disclose data when required by law, legal process, or to protect our rights and safety.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 90 days after account deletion
- Code Review Data: Retained while your account is active or until you request deletion
- Transaction Records: Retained for 10 years to comply with French tax and accounting laws
- Analytics Data: Anonymized after 26 months in accordance with CNIL guidelines
- Support Communications: Retained for 3 years after the last interaction
You may request deletion of your data at any time, subject to legal obligations requiring retention.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of Access
You can request a copy of the personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data, subject to legal retention requirements.
Right to Data Portability
You can request your data in a structured, machine-readable format.
Right to Restriction of Processing
You can request limitation of how we process your data in certain circumstances.
Right to Object
You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
Right to Lodge a Complaint
You can file a complaint with the French data protection authority (CNIL) at www.cnil.fr.
To exercise any of these rights, please contact us at contact@reflog.ai. We will respond to your request within 30 days.
9. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. We ensure that such transfers comply with GDPR through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional safeguards to ensure data protection equivalent to GDPR standards
Our primary data storage is within the European Union to minimize international transfers.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit (TLS/SSL) and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Monitoring and logging of system access
- Regular backup and disaster recovery procedures
- Employee training on data protection and security
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but commit to notifying you of any data breaches as required by law.
12. Children's Privacy
Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at contact@reflog.ai, and we will delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent notice in the application
Continued use of our service after changes become effective constitutes acceptance of the updated policy.
14. Contact Information
For questions about this Privacy Policy or to exercise your rights, please contact us:
SVNK Technologies
78, Avenue des Champs-Élysées, Office 326
75008 Paris, France
Email: contact@reflog.ai
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at:
CNIL
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr