Privacy Policy

How AIssue handles your data.

Data controller

The data controller for AIssue is:

You can use this email for privacy questions, rights requests, or complaints.

Summary

Your issue content never leaves your browser in a readable form. Titles, bodies, labels, assignees, milestones, and issue authors are cached only in your own browser. AIssue's server-side database never stores issue titles or bodies. It only stores the minimum metadata needed to make semantic search, duplicate detection, and sync state work — issue numbers, timestamps, state, vector embeddings, and content fingerprints.

Issue text is sent from your browser to Google Gemini via AIssue's API route solely to generate the embedding vector; the raw text is not retained on AIssue's servers after the embedding is computed.

What we collect

Pseudonymous analytics

  • Page views
  • Screen resolution
  • Device type, browser family, and OS family
  • Feature usage events
  • A daily-rotating pseudonymous visitor identifier

Minimal server-side repository and issue data

  • Repository identity such as owner/name
  • Your GitHub user id and username, to link you to repositories you add
  • Issue number, GitHub issue id, state, timestamps, and issue type
  • Vector embeddings derived from issue text for semantic search
  • Content fingerprints used to detect when embeddings should be refreshed
  • Similarity scores and review state for duplicate detection

What we do not store centrally

  • Issue titles and bodies are not stored in AIssue's server-side database
  • Labels, assignees, milestones, and issue author are not stored in AIssue's server-side database
  • Your GitHub token is not stored server-side for normal use. When you sign in via GitHub OAuth, the access token is stored transiently in a short-lived challenge row and is deleted as soon as your browser exchanges a one-time nonce for it, or when the row expires
  • No cookies are used for tracking
  • No IP addresses are stored in analytics tables
  • No third-party analytics service is used

Authentication

AIssue supports two ways of authenticating against GitHub:

  • A GitHub personal access token (PAT) that you paste into the app. The token is stored only in your browser's localStorage and sent as a bearer token on API requests
  • GitHub OAuth sign-in. During the OAuth callback, AIssue temporarily stores the OAuth state and the issued access token in a server-side challenge table so your browser can redeem them via a one-time nonce. These rows have a short expiry and are deleted on redemption or expiry; the token itself is then kept only in your browser's localStorage
  • Your chosen authentication method is remembered in localStorage so the app knows how to refresh sessions

Data stored in your browser

AIIssue stores some data locally in your browser to make the app usable and to avoid keeping unnecessary issue content on our servers.

  • Your GitHub token is stored in `localStorage`
  • Selected project and some UI state are stored in `localStorage`
  • Issue content cache is stored in your browser's IndexedDB
  • That local issue cache can include title, body, labels, milestone, assignees, author, and a content fingerprint

How issue text is processed

When you sync or re-embed issues, issue title and body are temporarily processed so embeddings can be generated. Those texts are sent through AIssue's API route and on to Google Gemini's embedding API. AIssue stores the resulting embedding vectors, but not the raw title/body text in the central database.

Issue text may also be fetched directly from GitHub to your browser when you view issues, search, scan for duplicates, or create new issues.

Purpose of processing

  • Let you add and manage repositories in AIssue
  • Sync issue metadata from GitHub
  • Generate embeddings for semantic search
  • Compute and review likely duplicate issues
  • Maintain basic service health and product analytics

Legal basis (GDPR)

Service data

The legal basis for storing repository links, your GitHub username, minimal issue metadata, embeddings, fingerprints, and duplicate-review state is contract performance (Art. 6(1)(b)). This processing is necessary to provide the features you request when you use AIssue.

Analytics data

The legal basis for analytics is legitimate interests (Art. 6(1)(f)), limited to understanding usage patterns and improving the service.

Data sharing and processors

  • GitHub is used to fetch repository and issue data using your token
  • Google Gemini is used to generate embeddings from issue text
  • Turso is used to store the server-side database
  • Vercel hosts the application and API routes

Internal access

A small set of designated AIssue administrators can view aggregated analytics (visit counts, page paths, device/browser/OS breakdowns, feature event counts) through an internal admin view. Administrators do not see raw IP addresses, GitHub tokens, or issue content.

EU data residency and transfers

AIssue's Turso database is hosted in the EU region (AWS EU West 1, Ireland). Vercel may process requests transiently as part of hosting and routing. GitHub and Google may process data outside the EU when issue content is fetched or embeddings are generated.

Data retention

  • Daily analytics salts are deleted after 7 days
  • Active visitor heartbeats are deleted after 5 minutes of inactivity
  • Analytics events and page views are retained until they are no longer needed
  • Server-side repository and issue metadata are retained while the repository is active in AIssue
  • Local browser caches remain until you clear browser storage or the app overwrites them

Deleting your data

You can stop using AIssue at any time and clear local data directly in your browser. If you remove a repository from AIssue and no other user is linked to it, the related server-side project data can be deleted. For help with deletion requests, contact aissue@haavelund.no.

Your rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object or complain to Datatilsynet

Contact aissue@haavelund.no for privacy-related requests.

Contact

For questions about this privacy policy or about how AIssue handles personal data, contact aissue@haavelund.no.