Last Updated: October 2025
Our Zero Code Retention Policy
ThinkReview operates on a strict zero code retention policy. This means your source code is processed in real-time for AI code reviews and immediately discarded—never stored, cached, or retained in any form on our servers.
How Zero Code Retention Works
1. Real-Time Processing Only
When you request a code review for a GitLab merge request or Azure DevOps pull request:
- Immediate Analysis: Code diffs are sent to our AI service and analyzed in real-time.
- Instant Discard: Once the AI review is generated, the code diff is immediately deleted from memory.
- No Queuing: Code is never queued or stored for later processing—everything happens synchronously.
- Transient Existence: Your code exists in our systems only for the few seconds required to generate the review.
2. No Code Storage Whatsoever
We maintain zero code storage across all systems:
- No Databases: We don't maintain any databases that store source code, code diffs, or code snippets.
- No File Storage: Code is never written to disk, saved to files, or stored in any persistent storage system.
- No Caching: We don't cache code content for performance—each review request processes fresh code.
- No Backups: Since we don't store code, there's nothing to back up, restore, or archive.
3. Limited Code Access
We only access the minimal code necessary for reviews:
- Diff-Only Processing: We only process code diffs (patches), never full files or entire repositories.
- No Repository Access: Our extension never gains access to your full GitLab or Azure DevOps repositories.
- No Scanning: We don't scan, index, or analyze your repositories automatically.
- User-Initiated Only: Code reviews only occur when you explicitly click "Review Code"—never automatically.
4. Code Processing Flow
Here's exactly what happens when you request a code review:
- You Click "Review Code": You explicitly trigger the review on a merge request or pull request.
- Diff Extraction: Only the code diff (patch) is extracted from the page you're viewing.
- Transmission: The diff is securely transmitted to our AI service over encrypted HTTPS.
- AI Analysis: Google's Gemini AI analyzes the code diff to generate review suggestions.
- Review Returned: The AI-generated review is sent back to your browser.
- Immediate Deletion: The code diff is immediately deleted from all our systems—it never touches persistent storage.
Total processing time: Typically 5-15 seconds, after which your code is completely gone from our systems.
5. No Code Retention Scenarios
Even in edge cases, we maintain zero retention:
- Failed Reviews: If a review fails, the code diff is still immediately discarded—no retry queues store code.
- Error Handling: Error logs contain no code content—only metadata like review IDs and timestamps.
- Rate Limiting: Rate limits are enforced without storing code—requests are simply rejected if limits are exceeded.
- Enterprise Accounts: Even for enterprise teams, the zero retention policy applies—no exceptions.
6. Code Access Controls
Our extension is designed with minimal code access:
- No Repository Permissions: The extension doesn't request repository-level permissions—only access to merge request pages.
- No Full File Access: We only process diffs you're already viewing—never access files you haven't opened.
- No Background Access: Code processing only happens when you're actively using the extension.
- No Cross-Request Access: Each code review is isolated—we never compare code across different merge requests.
7. Third-Party Code Processing
When code is sent to Google's Gemini AI for analysis:
- API Processing Only: Code is sent via API call—we don't upload files or maintain copies.
- Google's Policies: Code processing is subject to Google's Gemini API terms and privacy policies.
- No Training Use: We explicitly do not use your code to train AI models—analysis only.
- Immediate Return: Once Google returns the analysis, the code diff is deleted from our systems.
8. Verification and Audit
You can verify our zero retention policy:
- Network Inspection: Monitor network requests—code is only sent during active review requests.
- Source Code Review: Our extension code is transparent—you can review what data is sent.
- Privacy Policy: Our privacy policy explicitly states zero code retention.
- Account Deletion: When you delete your account, there's no code data to remove—only account metadata.
9. Enterprise Assurance
For enterprise customers concerned about code access:
- No Exceptions: Zero retention applies to all accounts—enterprise and individual users.
- Legal Guarantees: Our terms of service and privacy policy legally commit to zero code retention.
- Data Processing Agreements: We can provide DPAs that explicitly state zero code retention.
- Security Audits: Our architecture can be reviewed to verify zero retention practices.
10. Why Zero Retention Matters
Zero code retention provides critical protections:
- Security: Code can't be leaked from our systems if we don't store it.
- Privacy: Your intellectual property remains completely private.
- Compliance: Meets strict enterprise security and compliance requirements.
- Trust: You can use our service without concerns about code exposure.