Last updated: March 15, 2026
MergeShield LTD ("we", "us", "our"), a company registered in England and Wales (Company No. 17079928, registered address: 124 City Road, London, EC1V 2NX, United Kingdom), is the data controller for the personal data processed through the MergeShield service. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using MergeShield, you agree to the practices described in this policy.
When you sign in via GitHub OAuth, we receive your GitHub username, display name, email address, and profile avatar. We store this information to manage your account and associate it with your organizations.
When you install our GitHub App, we access repository metadata (name, owner, visibility) and pull request data (title, description, author, branch name, code diffs, changed files, commit messages). We use this data to perform risk analysis and agent detection.
We store the results of our AI analysis: risk scores, reasoning logs, agent detection results, trust scores, audit events, merge decisions, and approval records. These are generated by our system, not provided by you.
We collect standard usage metrics: page views, feature usage, API call counts, and error logs. This helps us improve the Service and debug issues.
We do not clone or store your source code repositories. We only access code diffs (the changes in a pull request) for the duration of analysis. We do not access private repositories beyond the permissions you explicitly grant. We do not store GitHub access tokens — we use short-lived installation tokens provided by GitHub's API.
We process your personal data on the following legal bases under UK GDPR: (a) Contract — processing necessary to provide the Service you have signed up for (account management, risk analysis, notifications); (b) Legitimate interests — improving our Service, fraud prevention, and security monitoring, where these interests are not overridden by your data protection rights; (c) Consent — where you have given consent for specific processing activities, such as optional marketing communications, which you may withdraw at any time; (d) Legal obligation — where we are required by law to process or retain certain data.
We use Anthropic's Claude AI to analyze pull request diffs. When a PR is analyzed, the code diff and relevant metadata are sent to Anthropic's API for processing. Anthropic's data retention and privacy policies apply to this processing. Anthropic does not use API inputs to train their models. We recommend reviewing Anthropic's privacy policy at anthropic.com/privacy for details on their data handling practices.
We do not sell your data. We share data only with: (a) Anthropic — for AI analysis processing, as described above; (b) Infrastructure providers (Railway, Vercel) — for hosting the Service; (c) Resend — for transactional email delivery; (d) Stripe — for payment processing (on paid plans). We may disclose data if required by law or to protect our rights and safety.
Your data is stored in PostgreSQL databases hosted on Railway's infrastructure. All data is encrypted in transit (TLS 1.3) and at rest. API keys are stored as SHA-256 hashes — we cannot recover your plain-text API key after creation. We implement rate limiting, authentication, and role-based access control to protect your data. Webhook payloads are signed with HMAC-SHA256 for integrity verification.
We retain your data for the duration of your account. Analysis results and audit logs are kept as long as your account is active to provide historical governance data. You may request data export or deletion at any time by contacting support@mergeshield.dev. Upon account deletion, we remove your personal data within 30 days. Anonymized, aggregate analytics may be retained indefinitely.
We use essential cookies for authentication session management (required for the Service to function). We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site tracking. Our analytics are first-party and aggregate only.
Our GitHub App requests the minimum permissions required: read access to repository metadata, pull requests, checks, and commit statuses; write access to post PR comments and create commit statuses. We do not request write access to code, branches, or repository settings. You can review and revoke these permissions at any time in your GitHub settings.
MergeShield is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.
Your data may be processed in the United States and other countries where our infrastructure providers operate. Where data is transferred outside the United Kingdom or European Economic Area, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions to ensure your data is protected in accordance with UK GDPR and applicable data protection law.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
For privacy-related questions or to exercise your data protection rights, contact us at privacy@mergeshield.dev. MergeShield LTD, 124 City Road, London, EC1V 2NX, United Kingdom. Company No. 17079928. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have not been respected.