Privacy Policy
Last updated: April 13, 2026
MergeWatch is an open-source GitHub App that reviews pull requests using AI. This Privacy Policy explains what data the hosted MergeWatch SaaS (“we”, “us”) collects when you install the App on your repositories, what we do with it, and how you can remove it. The self-hosted distribution (AGPL v3) does not send any data to us and is not covered by this policy.
1. Data We Read From GitHub
When you install the MergeWatch GitHub App, it is granted the permissions you approve during installation. At minimum, MergeWatch reads the following when a pull request is opened, synchronized, or reopened:
- The pull request diff (changed file paths, added and removed lines).
- Pull request metadata (title, description, base and head branch, commit SHAs, author login).
- Repository metadata (owner, repo name, default branch, visibility).
- The contents of .mergewatch.yml if one is present in the repository root.
MergeWatch does not clone your repository, does not read files outside the PR diff, and does not access issues, wikis, actions, secrets, or deployments.
2. Data We Store
We store the minimum data required to operate the service. All data is held in AWS DynamoDB in the region where you install the service.
- Installation records: installation ID, repository full name, per-repo settings you choose in the dashboard.
- Review records: repository full name, PR number, commit SHA, review status, finding summaries, and the comment ID posted back to GitHub. Reviews are retained for 90 days and then automatically deleted via DynamoDB TTL.
- Account and billing data: your GitHub user ID, email, and any billing metadata required by our payment processor if you are on a paid plan.
We do not persist raw pull request diffs, raw file contents, or the full text of LLM responses. Diffs are held only in memory during a review and discarded when the review completes.
3. How Your Data Flows To LLM Providers
To generate a review, MergeWatch sends the pull request diff and metadata to a large language model provider. On the hosted SaaS that provider is Amazon Bedrock, using Anthropic Claude models hosted in AWS. No data is sent to any third-party LLM provider outside AWS.
- Amazon Bedrock does not use your inputs to train its models. See the Bedrock data protection documentation.
- Prompts are not retained by Bedrock beyond the duration of the inference call.
- If you self-host MergeWatch, you choose your own LLM provider via the LLM_PROVIDER environment variable; data flows only to the provider you configure.
4. Sub-Processors
- Amazon Web Services — compute, storage, and LLM inference (Bedrock).
- GitHub, Inc. — authentication and the source of all code data we process.
5. Retention and Deletion
Review records are deleted automatically 90 days after creation. Installation records persist until you uninstall the GitHub App. When you uninstall, MergeWatch receives an installation.deleted webhook and removes all installation and settings records associated with your installation. To request deletion of any residual data, email the address in Section 9.
6. Security
All traffic is encrypted in transit via TLS. Secrets (GitHub App private key, webhook secret) are stored in AWS SSM Parameter Store with KMS encryption. The MergeWatch codebase is fully open source under AGPL v3 — you can audit exactly what runs on your code at github.com/santthosh/mergewatch.ai.
7. Your Rights
You can uninstall the GitHub App at any time from your GitHub settings, which revokes our access and triggers deletion of your installation data. You can request a copy of any data we hold about you, or request its deletion, by contacting us at the address in Section 9.
8. Changes To This Policy
Material changes to this Privacy Policy will be announced on our GitHub releases page and reflected in the “Last updated” date above.
9. Contact
Questions, data requests, or deletion requests: privacy@mergewatch.ai. You can also open a GitHub issue on the repository linked above.