Privacy Policy

Summary — full counsel-reviewed copy before paid launch (G2).

Last updated · 2026-05-27 · v0.4 · pre-launch
Pre-counsel summary. This page describes the operational contract today. Full counsel-reviewed copy replaces this before paid launch. Need a redlined version now? Email support@insitue.com.

Scope of this policy

This policy covers InSitue Cloud (the SaaS autopilot). The local dev tool never sends data to InSitue servers — picks, descriptions, and diffs all stay on the developer's machine and ride the developer's own claude CLI session. Nothing below applies to that flow.

What we store

For each bug report InSitue stores: the capture bundle (DOM subtree, computed styles, screenshot, runtime errors, the user's note), the run's agent transcript, the verify log, and metadata (timestamps, status, resolved-PR URL). We do not retain your source code — repos are cloned into an ephemeral Vercel Sandbox microVM that is destroyed after every run.

Secret scrubbing on ingest

Text fields are scrubbed before persistence. The user's note, console output, and error messages are redacted for common token shapes (Authorization headers, Bearer tokens, JWTs, common API-key prefixes) before the bundle hits our database.

Screenshots and the DOM subtree are not OCR-scrubbed — they are persisted exactly as captured. If sensitive UI is visible (env vars in dev tools, API keys in code, dashboard panels), crop or blur it in the InSitue widget before sending. The same goes for any secret that would appear in a screenshot of the page.
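As an illustration of the ingest-time redaction described above, here is an added example (not InSitue's own code) of a scrubber that rewrites the text fields of a capture bundle and leaves the screenshot and DOM untouched. The field names (note, console, errors), the specific key prefixes (sk_live_/sk_test_, ghp_, AKIA), the minimum token length and the sample bundle are all assumptions made for the example; the publishable pk_live_ capture key is deliberately not matched, since the policy describes it as publishable.

```python
from __future__ import annotations

import re

REDACTED = "[REDACTED]"

# Text fields of the bundle that get scrubbed (assumed field names).
# "screenshot" and "dom" are intentionally absent: they pass through as captured.
TEXT_FIELDS = ("note", "console", "errors")

# Rules run in order; each is (name, pattern, replacement). The header rule
# goes first so a JWT inside an Authorization header is reported under it.
SCRUB_RULES: list[tuple[str, re.Pattern[str], str]] = [
    # "Authorization: <scheme> <credential>": keep the scheme, drop the credential.
    ("authorization-header",
     re.compile(r"(?i)(authorization\s*:\s*(?:(?:basic|bearer|token|digest)\s+)?)(\S+)"),
     r"\g<1>" + REDACTED),
    # Bare "Bearer <token>" in free text; token must be 8+ token-ish characters,
    # so a sentence like "bearer of bad news" is not redacted (assumed threshold).
    ("bearer-token",
     re.compile(r"(?i)\b(bearer\s+)([A-Za-z0-9._~+/=-]{8,})"),
     r"\g<1>" + REDACTED),
    # JWT shape: three base64url segments joined by dots, header segment starts with eyJ.
    ("jwt",
     re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
     REDACTED),
    # Assumed secret-key prefixes. pk_live_ (publishable) is NOT in this list on purpose.
    ("api-key-prefix",
     re.compile(r"\b(?:sk_(?:live|test)_|ghp_|AKIA)[A-Za-z0-9_]+"),
     REDACTED),
]


def scrub_text(text: str) -> tuple[str, list[str]]:
    """Apply every rule in order; return the scrubbed text and the rule names that fired."""
    hits: list[str] = []
    for name, pattern, replacement in SCRUB_RULES:
        text, count = pattern.subn(replacement, text)
        if count:
            hits.append(name)
    return text, hits


def scrub_bundle(bundle: dict) -> tuple[dict, dict[str, list[str]]]:
    """Scrub only TEXT_FIELDS of a capture bundle before persistence.

    Returns the scrubbed copy and a per-field report of which rules fired,
    which is what you would log (never the matched value) for audit purposes.
    """
    scrubbed = dict(bundle)
    report: dict[str, list[str]] = {}
    for field in TEXT_FIELDS:
        value = scrubbed.get(field)
        if isinstance(value, str):
            scrubbed[field], hits = scrub_text(value)
            if hits:
                report[field] = hits
    return scrubbed, report


# Constructed sample bundle; every credential-looking value here is fake.
SAMPLE_BUNDLE = {
    "note": "Checkout 500s after login; header was Authorization: Bearer "
            "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl",
    "console": "POST /api/pay 500 (key sk_live_EXAMPLEKEY1234567890 rejected)",
    "errors": "TypeError: cannot read 'id' of undefined",
    # The DOM below contains a fake token but is NOT scrubbed, mirroring the policy text.
    "dom": "<input id='apikey' value='ghp_EXAMPLETOKEN'>",
    "screenshot": b"\x89PNG...",  # placeholder bytes, not a real image
}


if __name__ == "__main__":
    clean, report = scrub_bundle(SAMPLE_BUNDLE)
    for field in TEXT_FIELDS:
        print(f"{field}: {clean[field]}")
    print("report:", report)
```

The shape-based rules are a floor, not a guarantee: a secret with no recognisable prefix or structure passes straight through, which is exactly why the policy tells you to crop or blur sensitive UI before sending rather than relying on ingest scrubbing.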

What end-users see

When your end-user submits a capture, they see the InSitue widget on your site — branded as InSitue, by you. The capture key (pk_live_…) is publishable and Origin-pinned, so it only accepts captures originating from domains you allow. We recommend disclosing the capture flow in your own privacy policy alongside your other product-feedback tooling.

Authentication

We authenticate dashboard users via GitHub OAuth. We store your GitHub login and email. We do not request scopes beyond those required for the integration (least-privilege).

Where your data is stored

The dashboard runs on Vercel in Sydney (syd1). The primary database is managed Postgres on Neon in aws-ap-southeast-2 (Sydney). Per-run customer builds execute in ephemeral Vercel Sandbox microVMs in the same region and are destroyed at the end of each run. The full third-party sub-processor list lives at /sub-processors.

Retention

Capture bundles, agent transcripts, and verify logs are retained for the lifetime of your project. Deleting a project deletes the rows; backups (point-in-time recovery on Neon) age out within 14 days. Account identity (your GitHub login + email) is held for the lifetime of the account and purged from backups within 30 days of account deletion. Sentry error events are retained per Sentry's default 90-day policy on the cloud app only.

Your rights

You can request access to, correction of, or deletion of the personal information we hold about you by emailing privacy@insitue.com. We'll respond within 30 days. If you're an end-user of a customer's product whose capture was sent through InSitue (rather than the customer themselves), please raise the request with the customer first — they are the controller of that data under our DPA, and InSitue is the processor.

We handle personal information consistent with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For customers in the EU/UK, the executed DPA applies the GDPR data subject rights (access, rectification, erasure, restriction, portability, objection); InSitue acts as processor.

Data breach notification

InSitue complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act. If we become aware of an eligible data breach involving InSitue Cloud, we will notify affected customers and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and within 30 days at the latest. Customers operating under an executed DPA receive notification per the timelines in that DPA.

Children

InSitue Cloud is a developer tool intended for businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has submitted data through a capture on a customer's product via InSitue, contact us at privacy@insitue.com and we will assist the customer (who is the controller of that data) in removing it.

Complaints

If you're unhappy with how we've handled your personal information, email privacy@insitue.com first and we'll work with you. If we can't resolve it, you may complain to the OAIC at oaic.gov.au/privacy/privacy-complaints.

Pre-counsel disclaimer

This page summarises current data handling. The full counsel-reviewed Privacy Policy will replace this copy before paid launch. Privacy contact: privacy@insitue.com.