Privacy Policy

1. Introduction

Welcome to ThinkReview ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services (collectively, the "Service"). Please read this privacy policy carefully.

Data Controller: ThinkReview trading as Thinkode LTD (Company Registration Number: 12850972) is the data controller responsible for your personal information. For questions about data protection, please contact us at support@thinkode.co.uk.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in using Google OAuth, we collect your email address, name, and profile information.
• Code Review Data: We process GitLab merge request diffs that you request to be analyzed. This data is processed in real-time and used solely for generating AI code reviews.
• Feedback and Support: Information you provide when contacting our support team or submitting feedback.

2.2 Automatically Collected Information

• Usage Data: Information about how you use the Service, including features accessed, review requests made, and interaction patterns.
• Device Information: Browser type, version, operating system, and device identifiers.
• Log Data: IP addresses, timestamps, and error logs for debugging and service improvement.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Service: To deliver AI-powered code reviews and maintain functionality.
• Improve Our Service: To analyze usage patterns and enhance features and user experience.
• Authentication: To verify your identity and manage your account.
• Communication: To send service updates, security alerts, and respond to inquiries.
• Analytics: To understand how users interact with our Service and make data-driven improvements.
• Compliance: To comply with legal obligations and protect our rights.

4. Data Processing and AI Analysis

Important Note on Code Review Data:

• GitLab merge request diffs are sent to Google's Gemini AI API for analysis.
• Code diffs are processed in real-time and are not permanently stored on our servers.
• AI-generated reviews and summaries may be temporarily cached to improve performance.
• We do not train our own AI models on your code data.
• Google's data processing practices are governed by their own privacy policy.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

• Service Providers: With third-party service providers who perform services on our behalf (e.g., Google Cloud, Firebase, Gemini AI).
• Legal Requirements: When required by law or to respond to legal processes.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you explicitly authorize us to share information.

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• All data transmissions are encrypted using HTTPS/TLS protocols.
• Google OAuth is used for secure authentication.
• Access to personal data is restricted to authorized personnel only.
• Regular security audits and updates to our systems.
• Firebase Authentication and Firestore security rules to protect user data.

7. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

• Account Information: Retained until you delete your account.
• Code Review Data: Processed in real-time and not permanently stored.
• Usage Logs: Retained for up to 90 days for operational purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal information.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information.
• Data Portability: Request a copy of your data in a structured format.
• Opt-Out: Opt out of certain data processing activities.
• Withdraw Consent: Withdraw consent for data processing where consent was required.

To exercise these rights, please contact us at support@thinkode.co.uk.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Necessary Cookies: Maintain your session and authentication state. These are essential for the Service to function and cannot be disabled.
• Analytics Cookies: Analyze usage patterns through Google Analytics and Google Tag Manager to understand how visitors interact with our website.
• Preference Cookies: Remember your preferences and settings to improve user experience.

9.1 Cookie Consent

In compliance with GDPR and other privacy regulations, we request your consent before loading non-essential cookies (such as analytics cookies). When you first visit our website, you will see a cookie consent banner where you can:

• Accept All: Consent to all cookies including analytics cookies for tracking and analysis.
• Necessary Only: Only allow essential cookies required for the Service to function.

Your consent preference is stored in your browser's local storage and will be remembered for 365 days. You can change your cookie preferences at any time by clearing your browser's local storage or contacting us at support@thinkode.co.uk.

9.2 Managing Cookies

You can control cookies through your browser settings, but disabling necessary cookies may affect Service functionality. To withdraw your consent for analytics cookies, you can clear your browser's local storage for our website or contact us for assistance.

10. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Google OAuth: For authentication (Google Privacy Policy)
• Google Gemini AI: For code analysis (Gemini API Terms)
• Firebase: For backend services (Firebase Privacy)
• Stripe: For payment processing (Pro users) (Stripe Privacy)

11. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date.
• Sending an email notification for significant changes.
• Displaying a notification in the extension.

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold.
• Right to delete personal information.
• Right to opt-out of the sale of personal information (we do not sell personal information).
• Right to non-discrimination for exercising CCPA rights.

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, and erase your personal data.
• Right to restrict or object to processing.
• Right to data portability.
• Right to lodge a complaint with a supervisory authority.
• Right to withdraw consent at any time.