Privacy Policy

Stage Inc., a Delaware corporation ("we," "us," or "our"), operates the stagereview.app website and the Stage application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

Account Information

When you create an account, we collect your name, email address, and profile information provided through your GitHub account via OAuth authentication. We also store encrypted OAuth tokens to maintain your GitHub connection.

GitHub Data

When you connect your GitHub account and install our GitHub App, we access repository metadata, pull request content, code diffs, and review comments for repositories you explicitly authorize. We only access repositories you grant permission to.

Session and Usage Data

When you sign in, we store your IP address and browser user agent as part of your authenticated session record. We also automatically collect information about how you interact with the Service, including pages visited, features used, and device information.

Error and Performance Data

We collect error reports and diagnostic information when the Service encounters technical issues. This may include stack traces, request context, and environment details. This data is sent to our error monitoring provider (Sentry) to help us identify and fix bugs.

Payment Information

If you subscribe to a paid plan, payment details (such as credit card information) are collected and processed directly by Stripe. We store only your Stripe customer and subscription identifiers — never your full card number.

AI-Processed Data

When you use our AI-powered code review features, your code diffs and pull request content are sent to third-party AI providers (Anthropic) to generate review summaries, chapter groupings, and risk assessments. We do not use your code to train AI models. AI-generated content and chat conversations about your pull requests are stored in our database so you can access them later.

We process your personal information on the following legal bases, as applicable under the EU General Data Protection Regulation (GDPR) and similar laws:

• Contractual Necessity: Processing required to provide the Service, manage your account, and fulfill our obligations to you.
• Legitimate Interest: Processing for security, error monitoring, fraud prevention, and improving the Service, where these interests are not overridden by your rights.
• Consent: Processing based on your explicit consent, such as optional analytics. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

• Provide, operate, and maintain the Service
• Generate AI-powered code review summaries and analysis for your pull requests
• Authenticate your identity and manage your account
• Process payments and manage subscriptions
• Communicate with you about the Service, including support and updates
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

We do not sell your personal information. We may share your data with:

• AI Providers: Code diffs and pull request content are sent to Anthropic for AI analysis. Anthropic processes this data according to their privacy policy and does not use it for model training.
• Infrastructure Providers: We use third-party services for hosting, database storage, caching, analytics, and error monitoring (e.g., Vercel, Neon, Upstash, PostHog, Sentry).
• Payment Processor: Subscription and billing information is processed by Stripe. We do not store your full payment card details — Stripe handles this according to their privacy policy and PCI-DSS standards.
• Organization Members: Data within an organization on Stage is visible to other members of that organization.
• Legal Requirements: We may disclose information if required by law, regulation, or legal process.

Your data is stored on secure servers provided by our infrastructure partners. We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

We retain your data for as long as your account is active and as needed to provide the Service. When you delete your account:

• Account data (profile, sessions, OAuth tokens) is deleted promptly.
• Chat conversations and AI-generated content associated with your account are deleted promptly.
• Generation run metadata (e.g., when a review was generated and for which pull request) is anonymized — your user association is removed, but the aggregate record is retained for operational analytics.
• Payment records are retained as required by Stripe's policies and applicable financial regulations.

Repository data and AI-generated content are also deleted when you revoke access to the associated repositories.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request a copy of your data in a portable format
• Withdraw consent at any time

To exercise any of these rights, contact us at founders@stagereview.app.

We use essential cookies to maintain your session and authentication state. We use PostHog for product analytics, which collects usage data such as pages visited, features used, and device and browser information. PostHog may use cookies to identify returning visitors. We also use Vercel Analytics to collect anonymous, aggregated performance data (page views, web vitals). You can control cookie preferences through your browser settings.

The Service may contain links to third-party websites or services, including GitHub. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at founders@stagereview.app. We will verify your identity before processing your request.

Your information may be transferred to and processed in countries other than your own, including the United States. We rely on Standard Contractual Clauses (SCCs) and other legally recognized transfer mechanisms to ensure your data is protected when transferred internationally. Our service providers are contractually obligated to protect your information in accordance with this policy.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

If you have questions about this Privacy Policy, please contact us at founders@stagereview.app.