Privacy Policy

Quartet ("we", "our", "us")

Effective date: June 2, 2026

1. Who We Are

Quartet provides pull request review and automation tools for software teams. We are the data controller for the information described in this policy.

2. What Data We Collect

We collect only the minimum data necessary to operate the service.

Repository and account data

Data	Why we collect it
Account, organization, and repository identifiers	To provide the service for selected repositories
Pull request metadata	To track review and automation status
Pull request and repository content	To review, verify, and, when authorized, assist with pull requests
User identifiers from connected accounts	To show attribution and maintain audit records

Technical data

Data	Why we collect it
IP address and request metadata	Security, abuse prevention, and service operation
Session cookie	To maintain your authenticated dashboard session
Operational logs	Security, debugging, and reliability

3. What We Do Not Collect

Passwords, payment information, real names, postal addresses, or government IDs
Biometric data of any kind
Cross-site tracking data or advertising profiles
Repository content for general storage purposes

4. How We Use Your Data

Purpose	Legal basis
Providing pull request review and automation	Contract
Tracking service state and history	Contract
Using service providers to process review and automation requests	Contract
Dashboard authentication and session management	Contract
Security, abuse prevention, and audit records	Legitimate interest

5. How We Store and Protect Your Data

We use commercially reasonable technical and organizational safeguards designed to protect your data.

Access to production systems is restricted to authorized personnel and service components.
Sensitive credentials are protected using secure credential management.
Data is encrypted in transit.
Session cookies use standard browser security controls.
We retain operational metadata needed to provide, secure, and troubleshoot the service; we do not retain repository content for general storage.

6. Third-Party Data Sharing

We do not sell, trade, or share your personal data with third parties for commercial purposes. We share data only in the following limited circumstances:

Connected account providers — We exchange data with the services you connect to Quartet so the service can operate.
Service providers — We use service providers to process review and automation requests and to host the service. They process data on our behalf under their own privacy and data-processing terms.
Legal authorities — We may disclose data if required by law, court order, or to protect the safety of users or the public.

7. Data Retention

Data type	Retention period
Service state and operational metadata	Retained only as long as needed to provide, secure, troubleshoot, or audit the service
Dashboard sessions	Retained until expiry or logout
Operational logs	Retained for a limited operational period
Repository content used for review or automation	Processed as needed to provide the service; not retained for general storage

When you uninstall Quartet or request deletion, we delete or de-identify data within a reasonable period unless retention is required for security, legal, or legitimate operational reasons.

8. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

Access — Request a copy of the data we hold about you
Correction — Request that inaccurate data be corrected
Deletion — Request permanent deletion of your personal data
Portability — Request your data in a machine-readable format
Objection — Object to processing based on legitimate interests

To exercise any of these rights, contact privacy@quartet.tools. We will respond within 30 days.

9. Cookies

The Quartet dashboard uses a session cookie:

Cookie	Purpose	Expiry
`quartet_session`	Maintains your authenticated dashboard session	Expires automatically or on logout

We do not use advertising or cross-site tracking cookies.

10. Children's Privacy

Quartet is not directed at children under 13. Our services are intended for software developers and team leads. If you believe we have inadvertently collected data from a minor, contact privacy@quartet.tools and we will delete it promptly.

11. International Data Transfers

Your data may be processed in the United States and other jurisdictions where we or our service providers operate. We take appropriate measures to protect transferred data in accordance with this policy.

12. Changes to This Policy

When we make material changes, we will update the effective date above. Continued use of Quartet after the effective date constitutes acceptance of the updated policy.

13. Contact

Email: privacy@quartet.tools

We aim to respond to all privacy-related inquiries within 5 business days.