Pullfrog

Privacy Policy

Effective February 2026

·Terms of Service →

We at Pullfrog, Inc. ("Pullfrog," "we," or "us") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use Pullfrog's software, platform, and related tools, including pullfrog.com, the Pullfrog GitHub App, and the agent orchestration service (collectively, the "Service"). It also describes your data protection rights. By using the Service, you consent to the practices described here.

This Privacy Policy does not apply where Pullfrog acts as a data processor on behalf of commercial customers (e.g., your employer provisioned your account). That usage is governed by our customer agreements.

1. Personal data we collect

A. Data you provide directly

  • Account information: GitHub username, profile name, email, and avatar (via GitHub OAuth). We use Clerk for authentication. We never receive your GitHub password.
  • Repository and installation data: Metadata about repos where the Pullfrog GitHub App is installed (names, owner, permissions, installation ID) and webhook events (issue opened, PR created).
  • Communications: Name, email, and message content when you contact us at support@pullfrog.com.
  • Feedback: Suggestions and ideas you provide about the Service.

B. Data we receive automatically

  • Device information: Device type, browser, and operating system.
  • Log information: IP address, browser type and settings, error logs, and interaction data.
  • Usage data: Dates and times of access, features used, workflow runs, console activity, and pages viewed.
  • Cookies: We use cookies and similar technologies to operate, personalize, and analyze the Service.
  • Location: Approximate geographic location (from IP) for security purposes.

C. Code and repository content

Code and content from your repositories ("Inputs") may be sent to third-party agent providers (e.g., Anthropic, OpenAI, Google) to perform tasks. Agents may generate code, comments, or other outputs ("Outputs") in your repositories.

Pullfrog does not use your Inputs or Outputs to train AI models, and does not permit third parties to use them for training. Agent providers have their own privacy policies. We do not retain repository code beyond what is necessary to complete a given task. Transient data may be held briefly for safety monitoring.

D. Information we do not collect

We do not knowingly collect sensitive personal information (genetic, biometric, health, religious data) or data from anyone under 18. If we learn a user is under 18, we will delete their data.

2. How we use personal data

  • Provide, maintain, and improve the Service
  • Create, manage, and administer your account
  • Improve the Service and conduct research (including debugging)
  • Communicate with you (updates, announcements)
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms

We do not use Inputs or Outputs to train models. We may aggregate or de-identify personal data for analytics and research and will not attempt to reidentify it.

3. How we share personal data

  • Service providers: Hosting, analytics, support, payment processing, and other vendors that operate under contract.
  • GitHub: To operate the GitHub App, receive webhooks, and sync repo data.
  • Clerk: Authentication and sign-in data, per their privacy policy.
  • Agent providers: Content necessary for agents (e.g., Claude, Codex, Gemini) to perform tasks, per their terms.
  • Business transfers: In connection with mergers, acquisitions, or other corporate transactions.
  • Legal: When required by law or to protect rights, safety, or property.
  • Affiliates: Entities under common control, consistent with this policy.
  • With consent: When you authorize sharing through the Service.
We do not sell your personal data. We do not process personal data for targeted advertising or cross-contextual behavioral advertising as defined under US state privacy laws.

4. Retention

We retain personal data only as long as necessary for the purposes described, legal compliance, safety, and dispute resolution. Repository code processed for a task is not retained beyond that task. When data is no longer needed, we delete, de-identify, or anonymize it.

5. Security

We use commercially reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure. We are not responsible for circumvention of security features on the Service or linked third-party sites.

6. Your rights and choices

Depending on your jurisdiction, you may have the right to access, correct, delete, port, object to, or restrict processing of your personal data, or to withdraw consent. Contact us at support@pullfrog.com to exercise these rights. We will not discriminate against you for exercising them.

Specific rights may include:

  • Right to know what data we collect, why, and who we share it with
  • Access and portability — request a copy of your data
  • Deletion of personal data, subject to exceptions
  • Correction of inaccurate data
  • Objection and restriction of processing in certain cases
  • Withdrawal of consent without affecting prior processing
  • No automated decisions that impact your legal rights
  • No sale or targeted ads — we do not sell data or process it for targeted advertising

We process data on servers in various jurisdictions including the United States. For EEA users, we require an adequate level of data protection for international transfers.

7. Privacy Policy changes

We may update this policy. We will post the updated version and date here. Continued use constitutes acceptance.

8. Contact

Questions? Email us at support@pullfrog.com.

© 2026 Pullfrog, Inc.

TermsHome