Your data is safe here.
We read just enough to surface the signals that matter. No source code. No commit messages. Minimal PII. Here's exactly what that means.
Enterprise-Grade Privacy by Design
Privacy isn't a compliance checkbox we ticked before launch. It's a core design constraint — built into what data we collect, how we store it, and what we'll never build on top of it.
What we access — and what we keep
CrewPulse connects to GitHub, Jira, Linear, and Azure DevOps (ADO) to pull delivery signals. Here's the precise scope of what that means.
| Data type | We access? | We store? |
|---|---|---|
| PR open/close timestamps, review lag | Yes | Aggregated metrics only |
| Ticket status, milestone progress | Yes | Aggregated metrics only |
| Commit timestamps, cycle time | Yes | Aggregated metrics only |
| Source code / file contents | Never | Never |
| Commit messages | Never | Never |
| PR descriptions or comments | Never | Never |
| Engineer names & email addresses | Yes | Yes — required for check-in invites |
| Any other PII | Never | Never |
The guarantees that matter
Metadata only — no source code, ever
CrewPulse reads delivery signals — timestamps, counts, durations — not content. We never request read access to file contents, diffs, or repository blobs. Your code stays yours.
No commit messages or PR text
Commit messages often contain sensitive context — customer names, internal codenames, security notes. We don't read them. Cycle time is calculated from timestamps alone.
API tokens encrypted at rest
Integration credentials are encrypted at rest using AES-256. They're decrypted only at query time, never logged, and never exposed outside the API call that needs them.
Pulse responses are anonymized before storage
Check-in slider scores are stored at the team level, not per-engineer. Open text responses are AI-summarized into themes and the originals are deleted. A manager cannot reconstruct who said what.
Minimal PII — names and email addresses only
We need engineer names and emails to send check-in invites and attribute team membership. That's it. No job titles, salaries, performance history, or HR data — and we have no plans to collect any.
Security FAQ
Can CrewPulse read our private GitHub repositories?
We request the minimum OAuth scopes needed to pull delivery metrics — PR timestamps, review status, and merge events. We do not request and cannot read file contents, commit diffs, or repository blobs. You can verify the exact scopes requested during the OAuth authorization flow.
Where is data stored? Which region?
Data is stored in the United States on Azure infrastructure. If your compliance requirements mandate EU data residency, reach out — we're tracking demand for an EU region and will prioritize it accordingly.
What happens to our data if we cancel?
On cancellation, your account data is scheduled for deletion within 30 days. Integration credentials are revoked immediately. You can also request immediate deletion by emailing us — we'll process it within 48 hours.
Do you sell or share our data with third parties?
No. Your data is used solely to power your CrewPulse dashboard. We don't sell it, share it with advertisers, or use it to train models on your behalf. The only third-party services involved are infrastructure providers (Azure) and the AI summarization layer for open-text pulse responses.
Is there a security contact for vulnerability reports?
Yes. Email hello@crewpulse.io with the subject line "Security disclosure" and we'll respond within 24 hours.
Have a specific security question?
If you're evaluating CrewPulse and need details beyond what's here — specific scopes, data retention policies, infrastructure specifics — email us directly. We'll give you a straight answer.
hello@crewpulse.io