DevCite
Privacy

Privacy Policy

How DevCite handles metadata, report generation, storage, and enterprise privacy boundaries.

Last updated: March 16, 2026

Collection

Metadata only, not source code

DevCite ingests PR titles, ticket fields, and communication context without storing underlying code files.

Public-site operating model

Processing

Ephemeral report-generation flow

Synced cache is processed in isolated workers and deleted after reports are generated successfully.

Public-site operating model

Policy

Structured for leadership visibility

Customer content is processed for delivery workflows only and is not used to train public AI models.

Privacy summary

  • Read-only metadata access only.
  • No source-code storage.
  • Zero training on customer data.
  • Encrypted storage and isolated processing.

Security contact

[email protected]

Use this address for privacy reviews, security questionnaires, and enterprise diligence requests.

1. Our Commitment to Privacy

At DevCite, we understand that your technical logs, source code metadata, and internal communications are highly sensitive. We built our automated reporting tool with a privacy-first architecture specifically designed for enterprise security, ensuring your underlying Intellectual Property is never exposed.

2. Zero AI Training Policy

We have strict contracts with our Large Language Model providers. None of your data will ever be used to train public AI models. We use enterprise API endpoints where data is processed ephemerally and immediately discarded after your weekly report is generated.

3. Data Collection and Encryption

DevCite requires read-only access to select platforms such as Jira, GitHub, Bitbucket, Linear, and Slack to function. We only collect the specific fields required to generate reports and keep all ingested metadata encrypted at rest using AES-256-GCM.

  • Pull request titles, descriptions, and file change metadata without storing actual source code.
  • Ticket summaries, statuses, and updates tied to delivery reporting.
  • Public or approved channel messages only when needed for reporting context.

4. Data Retention

Raw synchronization cache is processed in isolated worker environments and is automatically deleted after your weekly report is successfully generated. We only store the final drafted summaries and the configured delivery endpoints for your historical project archive.

5. Contact Us

If you have any questions or concerns regarding our privacy practices, please contact our security team at [email protected].