Privacy Policy

1) Information We Collect and Receive

A. Account and Vault Information

• Name, work email, team, role, authentication metadata, billing/admin contacts.

B. Integration and Operational Data

• Issue and delivery metadata from connected tools (for example: Jira, Slack, GitHub, Sentry, and similar systems you authorize).
• Incident and activity context such as timestamps, issue identifiers, status changes, commit/PR references, and related workflow metadata.
• Limited technical and usage logs needed to operate, secure, and improve reliability of the service.

C. Website and Support Data

• Contact form submissions, support communications, and basic analytics/security telemetry from our marketing and product websites.

D. Data We Do Not Intentionally Collect by Default

• Full repository mirrors or full file histories not required for the selected feature.
• Keystroke logging, covert surveillance data, or unrelated personal content.
• Customer content for third-party model training.

2) How We Process Your Information

We process data to:

• Detect and surface delivery blockers and workflow friction.
• Correlate incidents, changes, and outcomes for audit-ready evidence.
• Generate operational insights, summaries, and recommendations for authorized users.
• Secure the platform, prevent abuse, and maintain service reliability.
• Meet legal, contractual, and compliance obligations.

AI and Model Use

• Customer Data is not used to train shared foundation models.
• Where AI-assisted features are used, processing is performed under contractual controls intended to limit provider retention and prohibit model training on Customer Data, subject to provider terms and applicable law.
• We apply data minimization and role-based access controls to AI-enabled workflows.

3) Data Retention and Minimization

• We retain data only as long as necessary for service delivery, security, legal obligations, and customer-configured lifecycle rules.
• Retention windows may vary by data category (for example: webhook/log replay windows, bounded context snapshots, and long-lived vault records).
• Deletion requests are honored per contract and law, including removal or irreversible de-identification where applicable.
• Backup and disaster-recovery copies are retained for limited periods and then cycled out.

4) How We Share and Disclose Information

We may share data:

• With authorized users within your team.
• With subprocessors and infrastructure providers under confidentiality and data protection terms.
• With professional advisors (legal, audit, security) on a need-to-know basis.
• To comply with lawful requests, legal process, or to protect rights, safety, and platform integrity.
• In connection with a merger, acquisition, financing, or asset transfer (with appropriate safeguards).

We do not sell Personal Data in exchange for money.

5) Security

We implement administrative, technical, and physical safeguards, including:

• Encryption in transit and at rest.
• Access controls, least-privilege permissions, and authentication controls.
• Tenant/vault isolation mechanisms and audit logging.
• Monitoring, incident response, and secure development practices.

No system is 100% secure, but we continuously improve controls and response readiness.

6) Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

• Access, correct, export, or delete your Personal Data.
• Restrict or object to certain processing.
• Withdraw consent where processing is consent-based.
• Appeal or lodge complaints with a regulator.

How to Exercise Rights

Contact: privacy@deja.dev
Please include your vault name/ID and request type. We may verify identity and authorization before fulfillment.

Cross-Border Processing

If data is transferred internationally, we use appropriate legal transfer mechanisms and safeguards.

Policy Updates

We may update this policy periodically. We will post the updated version with a revised effective date and provide additional notice where required.