
Data Use Policy

Last updated: February 7, 2026

1. Overview

This Data Use Policy explains how CrashLoom collects, processes, and uses data from your applications. We are committed to transparency about how your data powers our AI reliability agent.

2. Data Collection Methods

Integration-Based Collection

We collect data through secure API integrations with:

  • Crash Monitoring Tools: Sentry, Firebase Crashlytics (via BigQuery), GitHub Issues
  • Version Control: GitHub (read-only for code context, write for PR creation)
  • CI/CD Pipelines: Test results and deployment status

Minimum Access Principle

We request only the minimum permissions necessary:

  • Read access to crash reports and stack traces
  • Read access to application dependency graphs
  • Write access limited to creating pull requests

3. How We Use Your Data

Crash Analysis

Crash reports and stack traces are analyzed to:

  • Identify patterns and root causes
  • Trace issues across linked applications
  • Prioritize fixes based on impact
  • Generate context-aware solutions

Fix Generation

Application context is used to:

  • Understand code structure and dependencies
  • Generate appropriate fixes
  • Create pull requests with proper context
  • Validate fixes against your test suite

Third-Party AI Processing

CrashLoom does not train its own AI models. We use third-party AI providers to analyze crashes and generate fixes:

  • User-selected providers: For crash analysis and fix generation, your data is processed by the AI provider you choose from our supported list. You control this choice from your agent configuration. You can add your own API keys on any plan.
  • CrashLoom infrastructure providers: For internal features like AI chat and agent context optimization, we use additional third-party AI providers.
  • Third-party API terms: All AI providers are accessed via their public commercial APIs. Each provider's data handling practices are governed by their own terms of service, which you can review directly on their respective websites.

Sandboxed Code Execution

CrashLoom does not store your source code. When analyzing crashes or generating fixes, code is accessed temporarily and discarded after processing. Execution happens in isolated sandbox environments that are automatically destroyed. You can choose the sandbox image used for your environment, giving you full control over the execution context.

4. Data We Never Use

  • Your source code is never stored — it is accessed temporarily during analysis and discarded after processing
  • User data or PII from your applications
  • Database credentials or API keys
  • Customer information from your systems

5. Data Storage and Processing

Storage Locations

Data is stored in:

  • Cloud infrastructure hosted in the European Union
  • Encrypted databases with automated backups
  • Temporary processing queues (data deleted after processing)

Processing Pipelines

  • Crash data analyzed in isolated, encrypted containers
  • Code context loaded temporarily and discarded after fix generation
  • All processing logged for audit purposes

6. Data Sharing

We do not sell your data. We share data only with:

  • Your team: Within your workspace based on permissions
  • AI providers: Crash data and code context are sent to third-party AI providers for analysis and fix generation. The specific provider depends on your agent configuration. Each provider's data handling is governed by their own terms of service — we recommend reviewing them directly.
  • Service providers: Cloud infrastructure, monitoring, and security services under strict contracts
  • Legal requirements: If required by law or to protect our rights

7. Data Retention

Data Type            | Retention    | Purpose
Crash Reports        | While active | Analysis, trending, and resolution matching
PR Metadata          | Indefinite   | PR references and status
Crash-Solution Pairs | Indefinite   | Resolution matching and analysis optimization
Account Data         | While active | Service provision

8. Data Control and Deletion

You can:

  • View all data we've collected about your account
  • Export your crash analysis history
  • Request complete data deletion upon account closure
  • Revoke integration permissions at any time

9. Security Measures

  • End-to-end encryption for all data in transit
  • Encryption at rest using industry-standard algorithms
  • LLM provider API keys are encrypted using Google Cloud KMS; all other data is encrypted at rest via Google Cloud managed disk encryption
  • Periodic security reviews and internal testing
  • Automated threat detection and response
  • Strict access controls and audit logging

10. Compliance

CrashLoom follows:

  • GDPR (General Data Protection Regulation) principles
  • CCPA (California Consumer Privacy Act) principles
  • Industry best practices for data security

11. Your Rights

Under data protection laws, you have the right to:

  • Know what data we collect and how it's used
  • Access your data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to certain data processing
  • Data portability

12. Updates to This Policy

We may update this Data Use Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or in-app notification.

13. Contact Us

For questions about how we use your data, contact us at contact@crashloom.com