Privacy Policy
Draft — effective date to be set at public launch.
What we process
- Work item text (story titles, descriptions, acceptance criteria, generated test cases) is sent to our API only when you click Score, Generate, or Regenerate. It is processed in flight and never stored on our servers.
- What we do store: your Azure DevOps organization name, work item IDs, SHA-256 content hashes (one-way fingerprints used for change detection), plan and usage counters, and license keys. Hashes cannot be reversed into your text.
Subprocessors
- Anthropic — LLM inference on work-item text (in-flight processing).
- Microsoft Azure — API hosting and database.
- Lemon Squeezy — payments and invoicing (merchant of record). We never see your card details.
What we never access
- Your Azure DevOps credentials — all ADO reads/writes run in your browser under your own session.
- Work items you never invoke the extension on.
- Card or bank details.
Retention & deletion
Usage records and hashes are retained while your organization has an active installation. Email us to delete all data for your organization; deletion completes within 30 days.
Contact
Privacy questions: hello@example.com (placeholder — final domain at launch).