We track reading, not readers.

What we store

• — Time spent on each file of each pull request, per reviewer.
• — Your GitHub identity (id, login, avatar) so we can show who read what.
• — The list of changed files on each PR we watch (paths, +/- counts).
• — Workspace-level billing metadata.

What we do not store

• — Source code contents. We never read or transmit the diff body.
• — Keystrokes, scroll positions inside files, mouse movement, or screenshots.
• — Anything outside github.com pull-request pages.
• — Telemetry, analytics, third-party trackers, or ad pixels — on the marketing site or the dashboard.

How dwell time is measured

The extension counts the seconds a file's diff is on screen while the tab is focused. Time pauses if the tab loses focus, the file scrolls out of view, or the reviewer goes idle for more than five seconds. Total elapsed time is sent to our API on a debounce.

Retention

Per-file reading state is cleared when a PR closes or merges. Aggregate reviewer history is kept for 90 days, then deleted, unless your workspace has opted into a longer audit retention for compliance.

Open source

The browser extension source is public. You can audit every byte it sends us. Self-hosted deployments are available on the Enterprise plan.

Delete your data

• — Uninstall the GitHub App from your org. We mark the workspace suspended immediately and stop ingesting webhooks.
• — Email privacy@readpr.dev to permanently delete the workspace and all reading history. We action requests within seven days.
• — Individual reviewers can revoke their browser-extension token from /dashboard/settings at any time.

Subprocessors & GDPR

See the security page for the full subprocessor list, encryption posture, and audit status. Data-processing addenda are available on request.

Contact

Questions about data handling: privacy@readpr.dev.