Privacy Policy
Hostile Review is a product of AgentsPlex. References to "we", "us", and "our" refer to AgentsPlex and its services, including hostilereview.com. This policy describes how we collect, use, and protect your information.
Information We Collect
- Account information: Email address and display name when you create an account.
- Payment information: Processed entirely by Stripe. We never see or store your credit card numbers.
- Source code: Code you submit for review (via paste, GitHub, GitLab, ZIP upload, or MCP). See "Code Handling" below.
- GitHub/GitLab data: Installation IDs, project paths, OAuth tokens, and webhook payloads necessary to provide automated reviews.
- Usage data: Pages visited, reviews requested, and feature usage to improve our service.
Code Handling
Your source code is processed in-memory by our analysis engine during review. For paid AI scans, code is sent to third-party AI model providers for analysis. For free baseline scans, code is analyzed using open-source tools running locally on our servers — only the AI synthesis step sends a summary of findings (not your raw source code) to a third-party LLM. In all cases, code is not stored permanently after the review completes. Review results (findings, comments, summaries) are stored and can be deleted by you at any time via your dashboard.
How We Use Your Information
- To provide and improve the code review service
- To process payments and manage subscriptions
- To post review comments on your pull requests and merge requests
- To communicate service updates and respond to support requests
Third-Party Services
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- AI Model Providers: The following third-party LLM providers are used for code analysis depending on the selected tier: Anthropic (Claude), DeepSeek, and OpenAI (GPT). We also use locally-hosted models running on our own hardware for certain tiers (HR Roasty, HR Sharona), which do not transmit code externally. Code is transmitted securely via HTTPS/TLS and processed per each provider's data handling policies. Free baseline scans use locally-hosted models for report synthesis — raw source code is not sent to any third party during free scans.
- GitHub/GitLab: Source code access and PR/MR comment posting via their APIs.
We do not keep, sell, rent, or share your personal information or source code with any parties beyond those listed above, and only to the extent necessary to provide the service. All submitted source code is deleted from our servers upon scan completion — only the review results (findings, summaries) are retained. When code is sent to third-party AI providers for paid scans, it is transmitted in isolated chunks — no third-party API ever receives your full codebase in a single request. Each chunk is analyzed independently, meaning no external provider has a complete picture of your project at any point.
Data Storage and Security
Data is stored on servers located in the United States. All communication is encrypted via TLS (HTTPS). Access to production systems is restricted to authorized personnel. We use session-based authentication and HMAC signature verification for webhooks.
Data Retention
Review results are retained until you delete them. Account data is retained while your account is active. You may request full account and data deletion at any time by contacting us.
Your Rights
- Delete your review history from the dashboard at any time
- Request a copy of your stored data
- Request complete account deletion
- Disconnect GitHub/GitLab integrations at any time
Cookies
We use session cookies for authentication and preferences. We do not use third-party tracking cookies or advertising pixels.
Changes
We may update this policy from time to time. Changes will be posted on this page with an updated date.
Contact
Questions about this policy? Contact us