Privacy Policy

Last updated: January 6, 2026

1. Introduction

Welcome to Tformance. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI impact analytics platform (the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Tformance is a B2B SaaS platform that helps engineering leaders understand if AI coding tools are improving team performance by connecting to GitHub to correlate AI usage with delivery metrics.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

• Email address
• Name (if provided)
• Organization/team name
• Authentication credentials (OAuth tokens for connected services)

2.2 Integration Data

When you connect third-party services, we access and process:

• GitHub: Repository metadata, pull requests, commits, code reviews, organization members, and GitHub Copilot usage metrics (if available)

We do not store the full content of your source code. We analyze pull request titles, descriptions, and file metadata to detect AI-assisted development patterns.

2.3 Usage Data

We automatically collect certain information when you access the Service, including:

• Browser type and version
• Operating system
• Pages visited and features used
• Time and date of visits
• Error logs and performance data

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Calculate and display engineering metrics and AI impact analytics
• Analyze pull requests using AI/LLM to detect AI-assisted development
• Send transactional emails (account verification, password resets, notifications)
• Process payments and manage subscriptions
• Respond to customer support requests
• Monitor and analyze usage patterns to improve the Service
• Detect and prevent fraud or abuse

4. AI/LLM Data Processing

Our Service uses Large Language Models (LLMs) to analyze pull request data and detect AI-assisted development patterns. Specifically:

• Pull request titles, descriptions, and file metadata may be sent to our LLM provider (Groq) for analysis
• LLM outputs are used to categorize work and detect AI tool usage patterns
• We do not use your data to train LLM models
• LLM analysis results may not always be accurate; they should be used as indicators, not definitive assessments

5. Data Sharing and Subprocessors

We share your information with the following categories of third parties:

5.1 Subprocessors

5.2 Other Disclosures

We may also disclose your information:

• To comply with legal obligations or valid legal processes
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets
• With your consent or at your direction

6. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• EU-U.S. Data Privacy Framework (where applicable)
• Other lawful transfer mechanisms as required

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained while account is active, deleted within 30 days of account deletion
• Integration data: Retained while integrations are connected, deleted upon disconnection or account deletion
• Usage logs: Retained for up to 90 days for debugging and security purposes
• Billing records: Retained as required by law (typically 7 years)

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Request transfer of your data to another service
• Restriction: Request restriction of processing
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond to your request within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Encryption of OAuth tokens using Fernet symmetric encryption
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Hosting on SOC 2 compliant infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences
• Analyze usage patterns (via PostHog)
• Prevent fraud (via Cloudflare Turnstile)

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]