DocumentationSecurityData Handling
Security

Data Handling

What we store and why

Data Handling

This document explains what data BambooSnow collects, how we use it, and how long we retain it.

Data We Collect

Account Data

| Data | Purpose | Retention | |------|---------|-----------| | Email address | Communication | Account lifetime | | GitHub username | Identification | Account lifetime | | Profile picture | Display | Account lifetime |

Repository Data

| Data | Purpose | Retention | |------|---------|-----------| | Repository name | Display, configuration | While connected | | Branch names | Trigger configuration | While connected | | File paths | Analysis context | While connected | | Commit metadata | Run history | While connected |

Analysis Data

| Data | Purpose | Retention | |------|---------|-----------| | Code snippets | Issue context | 30 days | | Analysis results | History, trends | 90 days | | Agent configurations | Persistence | While active |

Usage Data

| Data | Purpose | Retention | |------|---------|-----------| | API requests | Rate limiting | 24 hours | | Feature usage | Product improvement | Anonymized | | Error logs | Debugging | 14 days |

Data We Don't Store

  • Full source code - We fetch code on-demand and don't retain it
  • Git history - Only relevant commits for analysis
  • Credentials - Secrets are processed but never stored in logs
  • Personal files - Non-code files are ignored

How We Process Code

During Analysis

  1. Fetch - Clone or pull relevant files
  2. Analyze - Run AI analysis in isolated environment
  3. Report - Generate and store results
  4. Cleanup - Delete all code copies

Code Isolation

Each analysis runs in:

  • Isolated container
  • Separate network namespace
  • Time-limited execution
  • Memory-limited environment

Data Encryption

In Transit

  • TLS 1.3 for all connections
  • Certificate pinning for mobile apps
  • HSTS enabled

At Rest

  • AES-256 encryption
  • AWS KMS key management
  • Encrypted database backups
  • Encrypted log storage

Data Locations

Primary Regions

| Region | Location | Purpose | |--------|----------|---------| | US East | Virginia, USA | Primary for Americas | | EU West | Ireland | Primary for Europe |

Data Residency

Enterprise customers can choose:

  • Region-specific data storage
  • Data processing location
  • Backup locations

Data Retention

Default Retention

| Data Type | Retention Period | |-----------|------------------| | Run history | 90 days | | Analysis results | 90 days | | Audit logs | 1 year | | Account data | Account lifetime + 30 days |

Custom Retention

Enterprise plans support:

  • Extended retention
  • Reduced retention
  • Automated deletion

Data Deletion

Account Deletion

When you delete your account:

  1. Immediate: Account access removed
  2. 24 hours: Active sessions terminated
  3. 7 days: Personal data deleted
  4. 30 days: Backups purged

Repository Disconnection

When you disconnect a repository:

  1. Immediate: Agents stopped
  2. 24 hours: Webhooks removed
  3. 7 days: Configuration deleted
  4. 30 days: Historical data deleted

Data Export

Export your data before deletion:

  1. Go to Settings > Data
  2. Click Export Data
  3. Receive download link via email

Third-Party Data Sharing

We Share Data With

| Partner | Purpose | Data | |---------|---------|------| | GitHub | Authentication, API | OAuth tokens | | Stripe | Billing | Payment info | | AWS | Infrastructure | Encrypted data |

We Never Share

  • Your source code with third parties
  • Personal data for marketing
  • Data with AI training providers

Your Rights

Under GDPR and CCPA, you have the right to:

  • Access - Request a copy of your data
  • Correct - Update inaccurate data
  • Delete - Remove your data
  • Port - Export your data
  • Object - Opt out of processing

Contact privacy@bamboosnow.com to exercise these rights.

Previous
Security Overview
Next
Access Controls
BambooSnow - AI Agent Automation Platform