StructPR StructPR ← Back to home

Privacy Policy

Last updated: February 3, 2026

1. Introduction

StructPR ("the Service") is operated by Snarky Engineering ("we", "us", "our"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information

When you sign in with GitHub, we receive and store:

  • GitHub user ID and username
  • Email address
  • Avatar URL
  • OAuth access and refresh tokens (encrypted at rest with AES-256-GCM)

Repository and PR Data

When you install the StructPR GitHub App, we access and store:

  • Repository metadata (name, visibility, default branch)
  • Pull request metadata (title, number, SHA hashes)
  • File diff patches (to generate analysis groupings)
  • PR comments you post through StructPR

We do not store your full source code. We only process and store diff patches provided by the GitHub API for open pull requests.

Usage Data

We track:

  • Number of repositories, PRs analyzed, and comments posted (for billing limits)
  • Review session activity (which groups you've reviewed, timestamps)

3. How We Use Your Information

  • To provide and improve the PR analysis and review features
  • To manage your subscription and enforce plan limits
  • To post comments to GitHub on your behalf (only when you explicitly submit)
  • To send transactional emails related to your account or subscription

4. Data Security

We implement the following security measures:

  • OAuth tokens are encrypted at rest using AES-256-GCM
  • GitHub webhook payloads are verified using HMAC-SHA256 signatures
  • Stripe webhook payloads are verified using Stripe's signature verification
  • All connections use HTTPS with HSTS enabled
  • Sessions expire after 24 hours
  • User data is scoped per-installation to prevent cross-account access

5. Third-Party Services

We use the following third-party services that may process your data:

  • GitHub — Authentication, repository access, and API integration
  • Stripe — Payment processing and subscription management

Each service has its own privacy policy. We encourage you to review them.

6. Data Retention

We retain your account data as long as your account is active. PR analysis data is retained for the lifetime of the repository's installation. You can request deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Revoke the GitHub App installation at any time through GitHub Settings
  • Export your data upon request

8. Cookies

We use a single session cookie (_structpr_key) required for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notice. The "Last updated" date at the top indicates when this policy was last revised.

10. Contact

For privacy-related questions or data requests, contact us at support@structpr.com.