Security at a Glance
- Factor only accesses repositories where the GitHub App has been explicitly installed.
- Raw code is processed during analysis and discarded afterward.
- Factor stores analysis results and repository metadata, not repository source code.
- Customer code is not used to train public AI models.
- Access is governed by GitHub permissions and repository authorization.
How Factor Processes Your Code
When a pull request is analyzed:- Factor retrieves the pull request diff and relevant repository context from GitHub.
- The code is analyzed to understand the change and identify potential risks.
- The minimum code and repository context required for analysis is sent to AI providers.
- Factor generates a review report and publishes the analysis to the pull request.
- Raw code content is discarded after analysis is complete.
What Data Factor Accesses
Factor may access:- Pull request metadata (title, description, author, status)
- Pull request code changes
- Repository structure and relevant source files
- Repository metadata
- Organization and installation metadata
What Factor Stores
Factor stores:- Analysis results
- Review findings and verdicts
- Pull request metadata
- Repository metadata
- Organization and installation metadata
- Pull request diffs
- Repository source code
- Full file contents used during analysis
Data Usage
Customer code is used solely to perform pull request analysis. Factor does not:- Use customer code to train public AI models
- Sell customer data
- Share repository contents with other customers
- Use customer code for advertising or marketing
AI Providers
Factor uses third-party AI providers to generate analysis, including:- OpenAI
- Anthropic
- Groq
Access Boundaries
Factor can only access repositories where the GitHub App has been explicitly installed and authorized. Factor cannot:- Access repositories outside authorized installations
- Access private repositories without permission
- Access repositories belonging to organizations where Factor is not installed
What Factor Does Not Do
Factor is a read-only analysis system. Factor does not:- Execute your code
- Deploy your code
- Access production infrastructure
- Modify source code
- Push commits to repositories
- Create pull requests
- Store source code long-term
Data Retention
Factor retains:- Analysis results
- Pull request metadata
- Repository metadata
- Organization metadata
Security Practices
Current security measures include:- Encrypted communication over HTTPS
- Access controls tied to GitHub permissions
- Least-privilege repository access
- Limited retention of source code content