Privacy Policy
Last updated: March 1, 2026
1. Introduction
Chykalophia LLC ("Company," "we," "us," or "our") operates BeforeMerge ("Service"), an AI-native code review knowledge base available at beforemerge.dev. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
We are committed to protecting your privacy and handling your data transparently. By using the Service, you consent to the data practices described in this policy.
2. Data We Collect
2.1 Information You Provide Directly
- Account information: Email address, name, and profile information provided when you create an account or join our waitlist
- Communication data: Information you provide when you contact us for support, submit feedback, or participate in surveys
- User content: Code review rules, configurations, and other content you create or upload to the Service
2.2 Information Collected Through Integrations
- GitHub data: When you connect your GitHub account, we may access repository metadata, pull request information, code diffs, commit messages, and related data necessary to provide code review functionality. We only access repositories and data you explicitly authorize.
2.3 Information Collected Automatically
- Usage analytics: Pages visited, features used, time spent on pages, and interaction patterns
- Device and browser information: Browser type, operating system, device type, screen resolution, and language preferences
- Network information: IP address, approximate geographic location (derived from IP), and referring URLs
- Cookies and similar technologies: See our Cookie Policy for details
3. How We Use Your Data
We use the information we collect to:
- Provide, maintain, and improve the Service, including code review analysis and knowledge base features
- Process your account registration and manage your account
- Send you transactional communications (e.g., account verification, billing, security alerts)
- Send you marketing communications (with your consent), including product updates and newsletters
- Analyze usage patterns to improve user experience and develop new features
- Detect, prevent, and address technical issues, fraud, and security incidents
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your code or repository data to train AI models outside the scope of providing the Service to you.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contractual necessity: Processing required to provide you the Service under our Terms of Service
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights
- Consent: Processing based on your explicit consent, such as receiving marketing communications. You may withdraw consent at any time.
- Legal obligation: Processing required to comply with applicable laws and regulations
5. Third-Party Service Providers
We share your data with the following categories of third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account data, user content, application data |
| Vercel | Web hosting and deployment | IP addresses, request logs, usage data |
| MooSend | Email marketing and newsletters | Email address, name, email engagement data |
| GitHub | OAuth authentication and code review integration | GitHub profile data, authorized repository data, pull request data |
All third-party providers are contractually required to protect your data and use it only for the purposes we specify. We do not sell your personal information to any third parties.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:
- Account data: Retained for the duration of your account and up to 30 days after account deletion
- Usage analytics: Retained in aggregate form for up to 24 months
- Waitlist data: Retained until the Service launches or you request removal, whichever comes first
- Support communications: Retained for up to 24 months after resolution
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Regular security assessments and vulnerability monitoring
- Access controls limiting employee access to personal data
- Secure authentication mechanisms, including OAuth for GitHub integration
While we strive to protect your personal data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
8. Cookies
We use cookies and similar tracking technologies to enhance your experience on our Service. For detailed information about the types of cookies we use, how they work, and how to control them, please refer to our Cookie Policy.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete personal data
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements
- Right to data portability: Request a machine-readable copy of your data to transfer to another service
- Right to restrict processing: Request that we limit how we use your personal data
- Right to object: Object to our processing of your personal data based on legitimate interests
- Right to withdraw consent: Withdraw your consent at any time where processing is based on consent
To exercise any of these rights, please contact us at hello@beforemerge.dev. We will respond to your request within 30 days (or as required by applicable law). We may request verification of your identity before processing your request.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: You may request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share your data.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, contact us at hello@beforemerge.dev.
11. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from your country. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy, including standard contractual clauses where applicable.
12. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we have collected data from a child under 16, please contact us at hello@beforemerge.dev.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email (if we have your email address) or by posting a prominent notice on our website at least 30 days before the changes take effect.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Email: hello@beforemerge.dev
- Website: beforemerge.dev
- Company: Chykalophia LLC
- Location: United States
If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.