Refacto.AI Privacy Policy
Last Updated: May 30, 2025
Refacto.AI (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how your personal information and the data processed by our services, including the ephemeral processing of source code, are collected, used, and disclosed when you use Refacto.AI.This Privacy Policy applies to our website, [Your Website URL], and its associated subdomains (collectively, our “Website”), and specifically to our AI-powered code review application, Refacto.AI (collectively, our “Service”). By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your1 information as described in this Privacy Policy and our Terms of Service.2

1. Definitions and Key Terms
To help explain things as clearly as possible in this Privacy Policy, every time any of these terms are referenced,3 they are strictly defined as:Cookie: A small amount of data generated by a website and saved by your web browser. It is used4 to identify your browser, provide analytics, and remember information about you such as your language preference or login information.
Company: When this policy mentions “Company,” “we,” “us,” or “our,” it refers to5 DevDynamics, Inc., 1013 Centre Road, Suite 403-B, Wilmington, DE 19805, which is responsible for your information under this Privacy Policy.
Country: Where the Company or the owners/founders of the Company are based, in this case, the United States.
Customer ("You"): Refers to the company, organization, or person that signs up to use the Refacto.AI Service.
Device: Any internet-connected device such as a phone, tablet, computer, or any other device that can be used to visit our Website and use the Service.6
IP address: Every device connected to the Internet is assigned a number known as an Internet Protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.Personnel: Refers to those individuals who are employed by7 the Company or are under contract to perform a service on behalf of one of the parties.Personal Data: Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.Service: Refers to the services8 provided by us, primarily the Refacto.AI code review agent and the supporting Website, as described in the relative terms (if available) and on this platform.Source Code: The human-readable set of instructions, including code files, comments, commit history, pull request data, and related repository metadata, that you authorize Refacto.AI to access and process for analysis.Third-party service: Refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you. Also includes service providers essential for our operations, such as hosting, payment processing, and AI model providers.Website: Our site, which can be accessed via Refacto.AI
Data: Refers collectively to the Repository Metadata you allow Refacto.AI to access, and the analysis, suggestions, and output (which may include illustrative code snippets) generated by Refacto.AI. It explicitly excludes the persistent storage of your raw Source Code by our systems.

2. What Information Do We Collect and Process?
We collect and process information to provide and improve our Service. The types of information depend on how you interact with us:
A. Information You Provide to Us (Website & Account Registration):When you visit our Website, register for Refacto.AI, place an order, subscribe to our newsletter, respond to a survey, or fill out a form, we may collect:Name / UsernamePhone NumbersEmail AddressesJob TitlesBilling AddressesPasswords (for account access)Payment Information: When you make a purchase, your debit/credit card numbers and other payment information are provided directly to our third-party payment processors. We do not collect or store your full debit/credit card numbers on our servers. We may receive transaction confirmations and related details from the payment processor, but not your sensitive card details.
B. Information Processed by Refacto.AI (Our Code Review Service):When you use Refacto.AI to review your code, we access and process the following types of data. We do not store your raw Source Code on our systems beyond the transient processing required to perform the review.Source Code (Ephemeral Processing): The code content from your pull requests, branches, or repositories that you authorize Refacto.AI to access. This Source Code is processed ephemerally (in memory or temporarily for the duration of the analysis) to generate review suggestions and is not persistently stored on our servers.Repository Metadata (May be Stored): Information related to your code repositories, such as repository names, file paths, programming languages used, commit history, branch information, and collaborator details (usernames/IDs from the version control system). This metadata may be stored to provide and improve the Service.Pull Request Data (May be Stored): Information related to specific pull requests, including descriptions, comments (excluding raw code not part of a suggestion), committer information, and changes made (diffs may be processed ephemerally). Summaries and analysis results, which might include illustrative code snippets generated as part of a suggestion, may be stored.Usage Data (Stored): How you interact with Refacto.AI, features used, and performance metrics.Review Results (Stored): The suggestions, comments, and reports generated by Refacto.AI. These results may contain illustrative snippets of your Source Code as part of a specific suggestion or explanation, but the original complete Source Code files are not stored.

3. How Do We Use The Information We Collect/Process?A. Use of Website & Account Information:Any of the Personal Data we collect from your interaction with our Website and account registration may be used in one of the following ways:To personalize your experience.To improve our Website.To improve customer service.To process9 transactions (facilitated through our third-party payment processors) and manage your account.To administer a contest, promotion, survey, or other site feature.To send periodic emails regarding your account, updates to our Service, or other relevant communications.B. Use of Refacto.AI Data (Processed Source Code, Stored Metadata & Review Results):The data accessed and processed by Refacto.AI is used exclusively for the following purposes:To Provide and Operate the Refacto.AI Service:To ephemerally process your Source Code to analyze it and provide automated code review suggestions, including identifying potential bugs, security vulnerabilities, performance issues, style inconsistencies, and adherence to best practices.To generate and store reports, insights, and review comments (which may include illustrative code snippets) based on the code analysis.To Improve the Refacto.AI Service:We may use anonymized and aggregated data derived from the results of Source Code analysis (e.g., common error patterns, vulnerability types identified, effectiveness of certain suggestions) and stored Repository Metadata to improve the underlying AI models, algorithms, and performance of Refacto.AI. As your raw Source Code is not stored, it is not used directly to train general-purpose AI models that could reproduce your code for other users or publicly.We may analyze Usage Data and feedback on Review Results to enhance features, usability, and overall service quality.To Provide Support: To troubleshoot issues and respond to your inquiries related to Refacto.AI, which may involve referring to stored Review Results or Repository Metadata associated with your account.

4. When do we use end user information from third parties?Refacto.AI primarily processes Source Code (ephemerally) and Repository Metadata provided directly by you. If your Source Code or PR discussions (which are processed ephemerally) contain Personal Data of your end users, you are responsible for ensuring you have the necessary permissions for Refacto.AI to process this data as part of the code review.We may collect publicly available information from social media websites if you interact with our brand there.

5. When do we use customer information from third parties?We may receive some information from third parties when you contact us or sign up (e.g., fraud detection services). We also occasionally collect information made publicly available on social media.

6. Do We Share The Information We Collect with Third Parties?A. Website & Account Information:Standard sharing practices apply (advertisers for our own marketing, partners, affiliated companies, service providers for hosting, email, etc., under confidentiality obligations).B. Refacto.AI Data (Processed Source Code, Stored Metadata & Review Results):Source Code Confidentiality & Non-Storage: Your raw Source Code is not stored by us and therefore not shared in a stored state.Source Code snippets are sent to third-party AI model providers (e.g., LLMs hosted by reputable cloud services) ephemerally for the sole purpose of generating review suggestions for you during an active review session. We ensure such providers are bound by strict confidentiality and data protection agreements, obligating them to process data ephemerally and not use submitted code snippets for training their general models or for any other purpose.We do not share your raw Source Code with third-party advertisers or general marketing partners.Anonymized, aggregated insights derived from the stored Review Results and Repository Metadata may be used for statistical purposes, research, and improving the Service, but this will not contain your specific Source Code or identifiable information from it.Stored Metadata & Review Results: May be accessible to trusted third-party service providers essential for hosting and maintaining our service (e.g., database providers), under strict confidentiality and data protection obligations.C. Payment Information:When you make a purchase, your payment information is provided directly to our PCI-compliant third-party payment processors. We do not store your full payment card details. We may share transaction-related information with these processors to facilitate the transaction.D. General (Applicable to All Information):Standard sharing for analytics (log files, IP addresses related to Website usage) and legal compliance (responding to claims, legal process, etc.) applies.

7. Where and when is information collected/processed?Personal Data is collected when you submit it (Website, registration). Refacto.AI accesses Source Code and Repository Metadata when you authorize it for review; Source Code is processed ephemerally, while some metadata and review results may be stored. Payment information is collected at the time of purchase by our payment processors.

8. How Do We Use Your Email Address?
By submitting your email address on our Website or when registering for Refacto.AI, you agree to receive emails from us. These may include transactional emails related to your account and the Service, updates, and (if you opt-in) marketing communications. You can cancel your participation in marketing email lists at any time by clicking on the opt-out link or other unsubscribe option included in the respective email. We only send emails to people who have authorized us to contact them. We do not send unsolicited commercial emails. By submitting your email address, you also agree to allow us to use your email address for customer audience targeting on sites like Facebook, where we display custom advertising to specific people who have opted-in to receive communications from us (this does not involve sharing your Source Code). Email addresses submitted only through the order processing page will be used for the sole purpose of sending you information and updates pertaining to your order.

9. How Long Do We Keep Your Information?
Website & Account Information: Kept as long as needed to provide the Service and fulfill policy purposes, or as legally required.
Refacto.AI Data:Source Code: Not stored. It is processed ephemerally for the duration of the analysis.
Repository Metadata & Review Results (which may include illustrative code snippets): Stored to provide you with a history of reviews and for service operation. Our default retention period for Review Results and associated Repository Metadata is until you delete your account. You may have options within the Service to delete specific review data or your account, which would also remove associated stored metadata and review results subject to our backup policies.Anonymized, aggregated data derived from analysis may be retained indefinitely.

Payment Information: We do not store your full payment card details. Transaction confirmations may be kept as required for business and legal records.When we no longer need stored information and are not legally obligated to keep it, we remove or depersonalize it.

10. How Do We Protect Your Information, Especially During Source Code Processing?We implement robust security measures:General Security: We offer the use of a secure server.Source Code Processing Security:Encryption in Transit: Source Code is encrypted using TLS when transmitted between your systems, our Service, and any third-party AI model providers.Ephemeral and Secure Processing: Source Code is processed in secure environments, typically in memory, for the duration of analysis only. It is not written to persistent storage on our primary systems.Access Controls: Strict internal access controls limit who can access the processing environments.Vendor Security: Third-party AI model providers are selected based on their security and confidentiality commitments, including ephemeral processing of submitted code snippets.Stored Refacto.AI Data (Metadata, Review Results) Security: This data, if stored, is protected with encryption at rest (e.g., AES-256) and strong access controls.Payment Processing Security: All payment transactions are processed through secure, PCI-compliant third-party payment gateways. Supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL)/Transport Layer Security (TLS) technology and encrypted by these providers. After a transaction, your full private payment information (credit cards, etc.) is not stored on our systems.Disclaimer: (This section remains similar, acknowledging that no system is foolproof.)

11. Could my information be transferred to other countries?The Company is incorporated in the United States. Information processed or collected, including metadata and review results (Source Code is processed ephemerally and not transferred for storage), may be transferred to our global offices, personnel, or third-party service providers (e.g., hosting, AI model providers, payment processors). This data may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data equivalent to those in your country of residence. To the fullest extent allowed by applicable law, by using our Service, you voluntarily consent to the trans-border transfer and hosting of such information.

12. Is the information processed/collected through the Refacto.
AI Service secure?We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes, or fail to follow policies. Therefore, while we use reasonable efforts to protect your Personal Data and Refacto.AI Data, we cannot guarantee its absolute security. If applicable law imposes any non-disclaimable duty to protect your information, you agree that intentional misconduct will be the standards used to measure our compliance with that duty.

13. Can I update or correct my information?The rights you have to request updates or corrections to the information we collect depend on your relationship with us. Personnel may update or correct their information as detailed in our internal company employment policies.Customers have the right to request the restriction of certain uses and disclosures of personally identifiable information as follows. You can contact us in order to (1) update or correct your personally identifiable information, (2) change your preferences with respect to communications and other information you receive from us, or (3) delete the personally identifiable information maintained about you on our systems (subject to the following paragraph), by cancelling your account. Such updates, corrections, changes, and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. Promptly after receiving your request, all Personal Data stored in databases we actively use, and other readily searchable media will be updated, corrected, changed, or deleted, as appropriate, as soon as and to the extent reasonably and technically practicable.If you are an end user of an organization that uses Refacto.AI and wish to update, delete, or receive any information we may have processed as part of the code review service on behalf of that organization, you should contact that organization (your data controller).

14. PersonnelIf you are a Company worker or applicant, we collect information you voluntarily provide to us. We use the information collected for Human Resources purposes in order to administer benefits to workers and screen applicants.You may contact us in order to (1) update or correct your information, (2) change your preferences with respect to communications and other information you receive from us, or (3) receive a record of the information we have relating to you. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion.

15. Sale of BusinessWe reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or substantially all of the assets of the Company or any of its Corporate Affiliates (as defined herein), or that portion of the Company or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.

16. AffiliatesWe may disclose information (including Personal Data) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by, or is under common control with the Company, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

17. Governing LawThis Privacy Policy is governed by the laws of the United States without regard to its conflict of laws provision. You consent to the exclusive jurisdiction of the courts in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy except for those individuals who may have rights to make claims under Privacy Shield, or the Swiss-US framework.The laws of the United States, excluding its conflicts of law rules, shall govern this Agreement and your use of the Website and Service. Your use of the Website and Service may also be subject to other local, state, national, or international laws.By using Refacto.AI or contacting us directly, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our Website, or use our Service. Continued use of the Website, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your information will mean that you accept those changes.

18. Your ConsentWe've updated our Privacy Policy to provide you with complete transparency into what is being set when you visit our site and how it's being used. By using our Website, registering an account for Refacto.AI, or making a purchase, you hereby consent to our Privacy Policy and agree to its terms.

19. Links to Other WebsitesThis Privacy Policy applies only to the Service. The Service may contain links to other websites not operated or controlled by us. We are not responsible for the content, accuracy, or opinions expressed in such websites, and such websites are not investigated, monitored, or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Service to another website, our Privacy Policy is no longer in effect. Your Browse and interaction on any other website, including those that have a link on our platform, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

20. CookiesWe use "Cookies" to identify the areas of our Website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable or you would be required to enter your login details every time you visit the Website as we would not be able to remember that you had logged in previously. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our Website correctly or at all. We never place Personally Identifiable Information in Cookies.

21. Blocking and disabling cookies and similar technologiesWherever you're located you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our Website from functioning properly, and you may not be able to fully utilize all of its features and services. You should also be aware that you may also lose some saved information (e.g. saved login details, site preferences) if you block cookies on your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser, you should visit your browser's help menu for more information.

22. Remarketing ServicesWe use remarketing services. In digital marketing, remarketing (or retargeting) is the practice of serving ads across the internet to people who have already visited your website. It allows your company to seem like they're “following” people around the internet by serving ads on the websites and platforms they use most.

23. Payment DetailsWe do not collect or store your credit card or other payment processing details directly on our servers. When you make a purchase, this information is provided directly to our third-party payment processors who specialize in the secure online capture and processing of credit/debit card transactions. They are responsible for securely storing and handling that information.

24. Kids' PrivacyWe do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

25. Changes To Our Privacy PolicyWe may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service or by email) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can delete your account.

26. Third-Party Services (General)We may display, include, or make available third-party content (including data, information, applications, and other products services) or provide links to third-party websites or services ("Third-Party Services") on our Website or as part of general service information. This does not typically apply to the core Refacto.AI code review process itself unless specified (e.g., use of third-party AI model providers as outlined in Section 6.B).You acknowledge and agree that the Company shall not be responsible for any Third-Party Services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality, or any other aspect thereof. The Company does not assume and shall not have any liability or responsibility to you or any other person or entity for any Third-Party Services.Third-Party Services and links thereto are provided solely as a convenience to you and you access and use them entirely at your own risk and subject to such third parties' terms and conditions.

27. Tracking TechnologiesLocal Storage: Sometimes known as DOM storage, provides web apps with methods and protocols for storing client-side data (e.g., on our Website). Web storage supports persistent data storage, similar to cookies but with a greatly enhanced capacity and no information stored in the HTTP request header.Sessions: We use "Sessions" to identify the areas of our Website that you have visited. A Session is a small piece of data stored on your computer or mobile device by your web browser.

28. Data Protection PrinciplesRefacto.AI is designed and operated with the following data protection principles in mind:Personal Data collected and Source Code processed must be handled in a fair, legal, and transparent way...Data should only be collected/processed to fulfill specific, explicit, and legitimate purposes...Data (especially Source Code) should be processed ephemerally and not stored. Stored data (like review results or metadata) should be held no longer than necessary...(Accuracy and Integrity/Confidentiality principles remain similar)

29. Individual Data Subject's Rights - Data Access, Portability and DeletionFor Refacto.AI, since your Source Code and full Payment Details are not stored by us, requests for access, portability, or deletion of these specific data types would not apply to data stored by us. Such rights would apply to your stored Personal Data, Repository Metadata, and Review Results we maintain. Our customer support team is here for you to answer any questions at [email protected].

30. Data Breach NotificationIn the event of a data breach involving Personal Data or Refacto.AI Data, we will notify affected users and relevant authorities without undue delay and, where feasible, within 72 hours after becoming aware of it, in accordance with applicable laws. Notifications will detail the nature of the breach, the categories and approximate number of individuals and data records concerned.Contact our Data Protection Officer at [email protected].

31. Data Storage and Retention (Specific to Refacto.AI)(Revised for clarity on non-storage of source code and payment details.)Personal Data (Account Information): Stored on secure servers located in the USA. We retain Personal Data only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.Source Code: Source Code is processed ephemerally and is not stored by Refacto.AI.Payment Details: Full payment card details are not stored by Refacto.AI. They are processed by third-party payment providers.Repository Metadata & Review Results: These may be stored to provide the Service and its features. Retention periods are detailed in Section 9. After these periods, or upon account deletion, this stored data will be securely deleted or fully anonymized.

32. Consent ManagementConsent for processing Personal Data and Refacto.AI Data is obtained at the time of account creation and service usage, in line with our Terms of Service and this Privacy Policy. Consent is freely given, specific, informed, and unambiguous. Users have the right to withdraw their consent for specific processing activities (like optional AI model training using their code, if ever offered) at any time, where applicable. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Users can manage their consent settings within their user account settings or by contacting us directly.

33. Data Subject Rights (Specific to Refacto.AI users)You have the right to access, correct, delete, or request the transfer of your Personal Data and applicable Refacto.AI Data that we hold. You also have the right to object to certain processing and, where we have asked for your consent to process your data, to withdraw this consent. Requests to exercise these rights can be directed to our team at [email protected].

34. Contact Us Don't hesitate to contact us if you have any questions regarding this Privacy Policy.Via Email: [email protected]

© 2025 Refacto AI. All rights reserved
SupportTerms Of UseSecurity PolicyPrivacy Policy