Legal
Privacy Policy
This Privacy Policy explains how DocFlow handles GitHub account data, repository metadata, pull request code changes, telemetry, and billing information for the DocFlow AI code documentation service.
Last updated: June 24, 2026
Our core privacy commitment
Your code is your property. DocFlow processes changed code only for the purpose of generating documentation drafts. We do not use your code to train large language models, do not sell your code, and do not store source code as a permanent DocFlow record.
Information we collect
| Data type | Scope | Purpose | Legal basis |
|---|---|---|---|
| GitHub account information | GitHub user ID, username, email address, and avatar URL | Account identification, GitHub App installation, and service delivery | Contract performance |
| Repository metadata | Repository name, description, language, and visibility settings | Configuration display, repository selection, and service delivery | Contract performance |
| Code changes | Pull request diffs and changed-file context triggered by merged PRs | Real-time AST analysis and AI documentation draft generation | Contract performance and legitimate interests |
| Usage telemetry | Feature usage, documentation generation counts, and configuration choices | Product improvement, reliability monitoring, and performance optimization | Consent where required; legitimate interests otherwise |
| Payment information | Billing details processed by Stripe or GitHub Marketplace | Subscription billing, invoicing, and fraud prevention | Contract performance |
How DocFlow processes code
- GitHub sends DocFlow a webhook when a configured pull request is merged.
- DocFlow reads only the changed files and relevant diff context needed for documentation generation.
- An AST analysis layer extracts factual structure such as functions, parameters, exports, and types.
- An LLM generates natural-language documentation drafts from that context.
- The output is shown for review through GitHub comments or commits back to your repository.
DocFlow does not actively read unrelated repository files unless you explicitly opt in to a broader scan.
Data retention and deletion
Code diffs used as LLM input
Processed in real time and discarded after generation; DocFlow does not persist user code.
Generated documentation
Stored in your GitHub repository after you approve or merge it; DocFlow does not keep a separate permanent copy.
Repository metadata
Retained while the GitHub App remains installed; deleted within 30 days after uninstall or account closure.
Raw telemetry events
Retained for up to 12 months; anonymized aggregate analytics may be retained longer.
Account information
Retained while your account is active; deleted within 30 days after account closure unless law requires otherwise.
Sub-processors
DocFlow may use GitHub for repository access and webhooks, an LLM provider such as OpenAI or Anthropic for documentation generation, Stripe or GitHub Marketplace for billing, hosting providers for application infrastructure, and a managed database provider for account settings and product configuration. These providers process data only as needed to deliver DocFlow and are expected to maintain appropriate security controls.
Telemetry and cookies
Optional analytics and marketing cookies are not loaded for users who have not consented where consent is required. You can learn more in our Cookie Policy.
Your choices and rights
- You can uninstall the DocFlow GitHub App to stop repository processing.
- You can disable anonymous usage telemetry where that setting is available.
- You can request access, correction, deletion, portability, or objection where applicable law provides those rights.
- You can contact us about privacy questions at [email protected].
AI-generated content disclaimer
DocFlow uses large language models to generate documentation drafts. AI-generated documentation may contain inaccuracies, omissions, outdated information, or inappropriate language. You must review all generated documentation before committing it to your repository.