Legal

Privacy Policy

Last updated: June 2026

Short version: Your code goes to Anthropic's API using your own key. We never store your source code. We never use your code to train models. You are in control.

1. What Arguss does with your code

When Arguss reviews a pull request, it sends the diff (the changed lines only — not your full codebase) to Anthropic's Claude API. This happens using your own Anthropic API key. Arguss acts as a thin pass-through: your key, your API call, your Anthropic account.

We do not store your source code, diffs, or file contents on our servers. The review verdict, risk score, agent verdicts, and argument transcript are stored so you can revisit The Argument page — not your source code.

2. What data Arguss stores

We store the following per pull request review:

Repository name and PR number
PR title
GitHub username of the PR author
Review verdict (APPROVED / WARNING / BLOCKED)
Risk score (0–100)
Agent verdicts and their text findings (the argument transcript)
Merge confidence score
Timestamp of the review

We also store:

Your GitHub organisation name (to associate your Anthropic API key)
Your Anthropic API key, encrypted at rest
Slack / Teams webhook URLs if you configure them
Custom rules you define via the dashboard or .arguss.yaml
Developer DNA patterns (aggregated, per-developer statistics about review history)

3. Your Anthropic API key

Your Anthropic API key is stored encrypted at rest using AES-256. It is only used to make review API calls on your behalf. It is never logged, exposed in error messages, or shared with any third party other than Anthropic's API.

You can delete your key at any time by contacting hello@arguss.tech.

4. Anthropic's data practices

When your diff is sent to Anthropic's API using your key, Anthropic's own privacy policy governs that interaction. By default, Anthropic does not use API request data to train models. You can review Anthropic's privacy policy at anthropic.com/privacy.

5. GitHub data

Arguss is a GitHub App. It receives pull request events via webhook. We request the minimum permissions required:

Read: pull requests, code (diff only), metadata
Write: pull request comments, commit statuses

We do not read your full repository, issues, wiki, or any data outside of pull request diffs.

6. GitLab and Bitbucket

If you connect GitLab or Bitbucket, the same principles apply: only merge request / pull request diffs are sent to Anthropic's API. No other repository data is accessed or stored.

7. Cookies and analytics

The Arguss website uses no third-party analytics, tracking scripts, or advertising cookies. We may log server-side request metadata (IP address, timestamp, path) for security and abuse prevention purposes. These logs are retained for 30 days.

8. Data retention and deletion

Review verdicts and transcripts are retained indefinitely so you can access The Argument history. To request deletion of all data associated with your organisation, email hello@arguss.tech with your GitHub organisation name. We will delete all associated data within 14 days.

9. Security

API keys are encrypted at rest. All data is transmitted over HTTPS/TLS. We do not operate shared database instances between organisations. If you discover a security vulnerability, please disclose it responsibly to hello@arguss.tech.

10. Changes to this policy

If we make material changes to this policy, we will update the date at the top and notify connected organisations via their configured Slack or Teams webhook. Continuing to use Arguss after changes constitutes acceptance.

Contact

Questions about this policy: hello@arguss.tech