Coefficient
At Coefficient, your privacy is important to us. This Privacy Policy explains how we collect, use, protect, and share your information when you use our platform and services. By using Coefficient, you agree to the practices described in this policy.
1. Information We Collect
We collect only the information necessary to provide our services:
Account Information
- Email addresses and names from Slack and GitHub OAuth
- Workspace/team IDs and organization identifiers
- User profile information (display names, avatars)
- Timezone and locale preferences
Integration Data
- Slack channel IDs, user IDs, and message metadata
- GitHub repository names, PR titles, PR numbers, and labels
- PR diffs and code changes (only when AI review is enabled on Business AI tier)
- PR review comments, approvals, and merge status
- Contributor activity and leaderboard metrics
Usage Data
- Platform activity logs (PR notifications sent, reminders triggered)
- Feature usage analytics (which features are used, frequency)
- Performance metrics (response times, error rates)
- Device and browser information (user agent, IP address for security)
Payment Data
- Billing information (company name, billing email)
- Payment method details (processed securely via Paystack - we do not store full card numbers)
- Subscription tier, billing cycle, and payment history
- Invoice and receipt information
We do not collect: Passwords for third-party services, full repository code beyond PR diffs, private messages unrelated to Coefficient, or sensitive personal information beyond what's necessary for service delivery.
2. How We Use Your Data
We use your data to:
- Provide Core Services: Send PR notifications, reminders, and updates to your Slack workspace
- Enable Integrations: Connect Slack channels with GitHub repositories and sync PR activity
- AI-Powered Features: Analyze pull requests for insights and code review suggestions (Business AI tier only, opt-in)
- Improve Platform: Analyze usage patterns to enhance features, fix bugs, and optimize performance
- Ensure Security: Monitor for suspicious activity, prevent abuse, and maintain platform integrity
- Process Payments: Handle subscriptions, billing, and invoicing through secure payment processors
- Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
- Communications: Send service updates, feature announcements, and important notifications (you can opt out of marketing emails)
3. How We Share Your Data
We do not sell your data. We only share information in these specific cases:
Service Providers
We work with trusted third-party services under strict data protection agreements:
- Slack: For workspace integration and notifications
- GitHub: For repository access and PR management
- Anthropic (Claude AI): For AI-powered code reviews (Business AI tier only) - PR diffs are sent for analysis but never used for AI training
- Paystack: For secure payment processing (PCI DSS compliant)
- MongoDB Atlas: For secure database hosting with encryption
- Railway: For application hosting and infrastructure
Legal Requirements
We may disclose information when required to:
- Comply with laws, regulations, or valid legal processes (subpoenas, court orders)
- Protect the rights, property, or safety of Coefficient, our users, or the public
- Enforce our Terms of Service or investigate potential violations
- Detect, prevent, or address fraud, security, or technical issues
Business Transfers
If Coefficient is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the new entity honors this Privacy Policy.
With Your Consent
We may share data with other parties when you explicitly consent or direct us to do so.
4. Data Security
We implement comprehensive security measures to protect your data:
Technical Safeguards
- Encryption: AES-256 encryption for data at rest; TLS 1.2+ for data in transit
- Authentication: OAuth 2.0, JWT tokens, and webhook signature verification
- Access Controls: Role-based access control (RBAC) and least-privilege principles
- Network Security: Firewalls, DDoS protection, and isolated network segments
Operational Safeguards
- Audit Logging: All administrative actions logged with timestamps and user details
- Monitoring: Real-time alerts for suspicious activity or security incidents
- Backups: Automated, encrypted backups with point-in-time recovery
- Incident Response: Documented procedures for detecting, responding to, and recovering from security incidents
Human Safeguards
- Employee Training: Regular security awareness and best practices training
- Background Checks: Screening for employees with production system access
- Access Reviews: Periodic reviews and revocation of unnecessary access
For more details, see our Security Overview.
5. Data Retention
We retain your data only as long as necessary to provide our services or as required by law:
Active Subscriptions
- Account Data: Retained for the duration of your subscription and 90 days after cancellation
- PR Metadata: Retained while your subscription is active for analytics and historical tracking
- Notification History: Recent notifications retained for 90 days
- AI Review Data: PR diffs sent to the AI provider are not stored by Coefficient or used for training
After Account Deletion
- Personal Data: Deleted within 30 days of account deletion request
- Aggregated Analytics: Anonymized data may be retained for product improvement
- Audit Logs: Retained for 7 years for security, compliance, and legal requirements
- Financial Records: Retained for 7 years per tax and accounting regulations
Job Queue & Temporary Data
- Completed Jobs: Retained for 7-30 days depending on job type
- Failed Jobs: Retained for 30 days for debugging and retry purposes
- Cache Data: Automatically expires within 24 hours
6. Your Rights and Choices
You have control over your data and how it's used:
Access and Portability
- Request a copy of your data in a machine-readable format
- View your account information, subscription details, and usage history
- Export your team's PR analytics and leaderboard data
Correction and Updates
- Update your account information through the Coefficient dashboard
- Correct inaccurate data by contacting support
- Sync changes from Slack/GitHub automatically
Deletion and Revocation
- Delete your account and associated data at any time
- Revoke Coefficient's access to Slack or GitHub through their respective settings
- Request specific data deletion (subject to legal retention requirements)
Opt-Out Options
- AI Review: Disable AI-powered code reviews in your team settings
- Analytics: Opt out of non-essential analytics collection
- Marketing Emails: Unsubscribe from promotional communications (service emails still sent)
- Notifications: Customize notification preferences per channel or user
7. Cookies and Tracking
We use minimal cookies and tracking technologies:
Essential Cookies
- Authentication: Session tokens to keep you logged in
- Security: CSRF tokens to prevent cross-site attacks
- Preferences: Remember your settings and choices
Analytics Cookies
- Usage Analytics: Understand how features are used to improve the platform
- Performance Monitoring: Track page load times and error rates
- A/B Testing: Test new features with a subset of users
Third-Party Cookies
- Slack and GitHub may set cookies when you authenticate through their OAuth flows
- Payment processor (Paystack) may set cookies during checkout
Cookie Control: You can disable cookies in your browser settings, but this may limit platform functionality. We do not track your browsing activity outside of Coefficient.
8. AI and Code Review
For teams on the Business AI tier with AI review enabled:
What We Send to AI Provider
- PR title and description
- Code changes (diff) - limited to 50KB per PR
- File names and paths of changed files
What We Don't Send
- Full repository contents or commit history
- Unchanged files or code outside the PR
- Environment variables, secrets, or credentials
- Private comments or internal discussions
AI Provider (Anthropic Claude)
- Data Usage: PR diffs are analyzed in real-time and not stored long-term
- Training: Your code is never used to train AI models
- Security: Anthropic is SOC2 Type II certified with enterprise-grade security
- Privacy: Anthropic's privacy policy: anthropic.com/privacy
Your Control
- AI review is opt-in (only available on Business AI tier)
- Disable AI review at any time in team settings
- AI quota limits prevent excessive processing (50 insights per user/month)
9. International Data Transfers
Coefficient operates globally and may transfer data across borders:
- Primary Storage: MongoDB Atlas (US region) with encryption and compliance certifications
- Application Hosting: Railway (US region) with secure infrastructure
- Data Protection: We use standard contractual clauses and ensure adequate safeguards for international transfers
- EU/UK Users: Data transfers comply with GDPR requirements through approved mechanisms
10. Children's Privacy
Coefficient is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.
If you believe a child has provided us with personal information, please contact us at privacy@coefficient.io.
11. Legal Basis for Processing (GDPR)
For users in the EU/UK, we process your data based on:
- Contract Performance: Processing necessary to provide Coefficient services you've subscribed to
- Legitimate Interests: Improving our platform, preventing fraud, and ensuring security
- Consent: For optional features like AI review or marketing communications (you can withdraw consent anytime)
- Legal Obligations: Compliance with applicable laws and regulations
12. Third-Party Links and Services
Coefficient integrates with third-party services (Slack, GitHub) that have their own privacy policies.
We are not responsible for the privacy practices of these third parties. Please review their policies independently.
13. Data Breach Notification
In the unlikely event of a data breach that affects your personal information:
- We will notify affected users within 72 hours of discovery
- Notification will include: nature of the breach, data affected, steps we're taking, and recommended actions
- We will report to relevant authorities as required by law (e.g., GDPR, state breach notification laws)
- We maintain an incident response plan with clear escalation procedures
14. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request details about personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information (subject to legal exceptions)
- Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact privacy@coefficient.io with "CCPA Request" in the subject line.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or platform features.
- Notification: Material changes will be communicated via email or in-app notification
- Effective Date: Changes take effect 30 days after posting (unless legally required sooner)
- Review History: Previous versions available upon request
- Latest Version: Always available at getcoefficient.app/privacy
Continued use of Coefficient after changes indicates acceptance of the updated policy.