← Back to home

Privacy Policy

Version 1.0 — Last updated: 3 April 2026

1. Introduction & Data Controller

Ovren ("we", "our", or "us") is an AI-powered developer platform that helps teams ship code faster by deploying autonomous AI developers. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Data controller: For the purposes of the UK GDPR and EU GDPR, Ovren is the data controller responsible for your personal data. Full legal entity details (registered name, address, and company number) will be published here once incorporation is complete. In the meantime, all data-related enquiries should be directed to legal@ovren.ai.

Lawful bases for processing: We process personal data on the following lawful bases:

  • Contract — to provide the Service you signed up for, including authentication, task execution, and billing.
  • Legitimate interests — to improve platform reliability, detect fraud, and produce aggregated analytics, where these interests are not overridden by your rights.
  • Consent — for optional analytics cookies, which you can withdraw at any time.
  • Legal obligation — where we are required to retain or disclose data by law.

By accessing or using Ovren, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.

2. Information We Collect

We collect the following categories of information to provide the Ovren service:

  • Account data — email address, display name, avatar, and GitHub username obtained when you sign in.
  • Authentication data — OAuth tokens from your GitHub sign-in used to access connected resources on your behalf.
  • Repository metadata — repository names, file paths, directory structure, branch names, and relevant commit context from projects you connect.
  • Repository content — source code and file contents accessed only to the extent necessary to analyse tasks, generate outputs, and deliver code updates. We do not retain repository content beyond what is required for active task execution.
  • Usage data — tasks created, execution logs, AI token consumption, credit usage, and billing-related metrics.
  • Device and browser data — IP address, browser type, operating system, referring URL, and pages visited, collected automatically when you use the service.
  • Cookies and session data — session identifiers and preference tokens stored locally in your browser. See the Cookies section for detail.

3. How We Use Your Data

We use the information we collect to:

  • Authenticate you and manage your account and subscription.
  • Provide AI task execution, code analysis, code generation, diff and patch creation, pull request delivery, and related platform outputs.
  • Display execution logs, status updates, and results within your dashboard.
  • Track usage against your plan quotas and process billing through our payment provider.
  • Detect and prevent fraud, abuse, or unauthorized access to the platform.
  • Improve product reliability, safety, and performance through internal analysis.
  • Produce aggregated, anonymized analytics that do not identify individual users.

We do not sell your personal data or repository content to third parties.

4. AI-Generated Outputs — Important Disclaimer

Ovren provides AI-assisted outputs — including but not limited to code suggestions, diffs, patches, branches, pull requests, execution summaries, and recommendations. These outputs are generated autonomously by AI models and are provided as-is.

  • AI-generated outputs may contain bugs, security vulnerabilities, incomplete logic, incorrect assumptions, deprecated patterns, or changes that break existing functionality.
  • All generated code, diffs, branches, pull requests, recommendations, and execution results must be independently reviewed, tested, and approved by you before being applied to any codebase, infrastructure, or production system.
  • You are solely responsible for validating the suitability of any output for your codebase, security requirements, compliance obligations, business logic, and production deployment.
  • Ovren disclaims all warranties — express or implied — regarding the accuracy, completeness, fitness for a particular purpose, security, or non-infringement of any AI-generated output, to the maximum extent permitted by applicable law.

By using Ovren, you acknowledge that AI outputs are a tool to assist your engineering process, not a replacement for human judgement, code review, testing, and professional engineering practice.

5. Cookies

We use a minimal set of cookies to keep the platform secure and to understand how it is used. We distinguish between two categories:

  • Essential cookies — strictly necessary for authentication, session management, and core platform functionality (for example, keeping you logged in and protecting your account). These are always enabled and cannot be declined without breaking the service.
  • Analytics cookies (consent required) — used to measure how the product is used in aggregate, including page views and feature interactions. These are only activated after you explicitly click Accept in the cookie consent banner. If you click Reject, no analytics scripts are loaded or executed. Analytics data does not identify you personally and is not shared with third-party advertisers.

We do not use advertising, retargeting, or cross-site tracking cookies.

Changing your preference: You can withdraw or change your cookie consent at any time by clicking the Cookie settings link in the page footer. This reopens the consent banner and allows you to change your choice. You may also clear cookies and localStorage through your browser settings.

6. Subprocessors & Third-Party Services

Ovren relies on the following third-party subprocessors to deliver the service. Each processes data under their own privacy terms and DPA-compliant agreements. We will update this list when subprocessors are added or removed.

SubprocessorPurposeCountryData processed
GitHubOAuth authentication, repository accessUSAAccount info, repo metadata & content
SupabaseAuth, session management, database hostingEU / USAAccount data, usage records
VercelApp hosting, deployment, web analyticsUSA / EURequest logs, page views
StripePayment processing, subscription managementUSA / EUBilling info (no card numbers stored by us)
AI model providersCode analysis and generationUSARepository content (transient, not retained)
Logging / observabilityPlatform health, error trackingEU / USARequest metadata, error traces

Repository content shared with AI model providers is used solely to fulfil your task requests and is not used to train their models under our agreements. If you require a Data Processing Agreement (DPA), contact legal@ovren.ai.

7. Data Storage and Retention

Your account data is stored in a PostgreSQL database hosted on Supabase. We retain your data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Repository content is accessed and processed transiently as required for active task execution. It is not persistently stored beyond what is needed for delivery and logging of results.
  • Connected repositories are accessed only with permissions explicitly granted via the GitHub App installation.
  • You can disconnect a repository at any time by uninstalling the GitHub App or revoking access through your GitHub settings.
  • You can request full account data deletion by contacting us at support@ovren.ai.

8. Security

We implement reasonable administrative, technical, and organisational safeguards to protect your data against unauthorised access, loss, or disclosure. However, no system is completely secure, and we cannot guarantee absolute security.

  • You are responsible for protecting your GitHub account permissions, organisation secrets, access tokens, and deployment credentials.
  • Do not include secrets, passwords, API keys, or sensitive credentials in task descriptions or prompts submitted to Ovren.
  • We recommend reviewing all AI-generated pull requests and code updates for unintended exposure of sensitive information before merging.

If you believe you have found a security vulnerability in Ovren, please report it responsibly to support@ovren.ai.

9. International Data Transfers

Our third-party service providers may process and store data in jurisdictions outside your country of residence, including the United States and the European Union, depending on their infrastructure and data residency configuration. By using Ovren, you acknowledge that your data may be transferred to and processed in these jurisdictions in accordance with this policy.

10. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your account and associated data.
  • Revoke access — disconnect your repository or revoke GitHub App permissions at any time through your GitHub settings. This immediately stops Ovren from accessing your repositories.

To exercise these rights, contact us at support@ovren.ai. We will respond within a reasonable timeframe.

11. Children's Privacy

Ovren is not intended for use by individuals under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The version number and "Last updated" date at the top of this page will be revised with each update. Material changes will be communicated through the platform or by email at least 14 days before they take effect. Your continued use of Ovren after changes take effect constitutes your acceptance of the updated policy.

13. Contact

If you have questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us at support@ovren.ai.

Terms of ServiceBack to home