Privacy Policy

Last updated June 2, 2026

This policy explains what Attercop collects, why, and what we do with it. Attercop is a Slack + GitHub bot that notifies a reviewer when a pull request has waited too long for review.

Information we collect

  • Account: the email you sign in with (via our authentication provider).
  • Integration credentials: the Slack bot token and team ID, and the GitHub access token and account login, created when you connect those services.
  • Configuration: the repositories you choose to watch, their thresholds, and your fallback Slack channel.
  • Operational data: a record of which pull requests we've notified about (repository, PR number, and timestamps) so we don't notify twice.
  • Billing: handled by Stripe. We store a Stripe customer ID and your subscription status — never your card number.
  • Technical logs: standard request and error logs used to operate and secure the service.

We read pull request metadata (title, number, last-activity time, and requested reviewers). We do not clone, read, or store your source code.

How we use it

  • To provide the service — scanning your watched pull requests and sending review nudges.
  • To process subscriptions and billing.
  • To provide support and to secure and improve the service.

We do not sell your personal data or use it for advertising.

Service providers we share with

We share data only with the providers needed to run Attercop, each acting on our behalf:

  • Supabase — authentication and database.
  • Cloudflare — application hosting.
  • Stripe — subscription billing and payment processing.
  • Slack and GitHub — the integrations you connect; we exchange data with them to do the job you asked for.

Retention and deletion

We keep your data while your account is active. You can disconnect Slack or GitHub at any time, which removes the associated tokens. To delete your account and associated data entirely, email support@attercop.dev. We will delete it within 30 days, except where we must retain records (e.g. for tax or legal obligations).

Security

Integration tokens are stored server-side and are never exposed to the browser. Data access is owner-scoped and enforced with database row-level security. No system is perfectly secure, but we work to protect your data and limit access to what the service needs.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. To exercise any of these, contact support@attercop.dev.

Changes and contact

We may update this policy; we'll revise the “last updated” date above and, for material changes, notify you. Questions? Email support@attercop.dev.