Privacy

Effective 2026-05-07 · logomesh public beta

logomesh is a crash-reproduction tool for backend Python services. The summary below describes what data the CLI and pilot service touch, what they never touch, and the controls available to pilot tenants. If your security review needs more detail than what is here, get in touch.

What we collect

When you run logomesh against a Sentry event, the CLI fetches the event payload from your Sentry organization using credentials you provide. The fetched payload is processed locally on the machine running the CLI.

When you connect a pilot installation, we additionally store the metadata you supply during onboarding — your Sentry organization slug, GitHub installation id, and (optionally) Slack incoming webhook URL — for the lifetime of the pilot.

PII redaction

Frame locals captured at the moment of failure are passed through a deterministic redactor before any LLM call and before being written into a synthesized test. The redactor matches PAN-shaped numerics (Luhn-validated) and a configurable field-name allowlist (email, password, token, secret, card_*, ssn, dob, phone).

Redacted values are replaced with the literal token ⟨redacted⟩. Original values do not transit our systems and are not persisted in any audit artifact.
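As an added illustration of the redaction rules described above (example code written for this page, not logomesh's own redactor), the following applies the Luhn check to PAN-shaped digit runs and the field-name rule to captured locals. The 13-to-19-digit range, single space or hyphen separators, case-insensitive prefix matching for `card_*`, and the sample locals are assumptions.

```python
import re

REDACTED = "\u27e8redacted\u27e9"  # the literal token ⟨redacted⟩

# Field names from the page; "card_*" is treated as a case-insensitive prefix match (assumed)
SENSITIVE_FIELDS = {"email", "password", "token", "secret", "ssn", "dob", "phone"}
SENSITIVE_PREFIXES = ("card_",)
# PAN-shaped numeric: 13 to 19 digits, optionally separated by single spaces or hyphens (assumed)
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample of captured frame locals (not real data)
SAMPLE_LOCALS = {"user": {"email": "ada@example.test", "card_last4": "1111", "age": 41},
                 "note": "declined 4111 1111 1111 1111, order 4111111111111112",
                 "amount_cents": 4111111111111111}

def luhn_valid(digits: str) -> bool:
    """True when the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_pans(text: str) -> str:
    """Replace Luhn-valid PAN-shaped runs inside a string; other digit runs stay as they are."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return REDACTED if luhn_valid(digits) else m.group(0)
    return PAN_RE.sub(repl, text)

def is_sensitive_name(name: str) -> bool:
    return name.lower() in SENSITIVE_FIELDS or name.lower().startswith(SENSITIVE_PREFIXES)

def redact_locals(value, name: str = ""):
    """Deterministically redact a frame-locals structure (dicts, lists, strings, ints)."""
    if is_sensitive_name(name):             # the field-name rule wins regardless of the value
        return REDACTED
    if isinstance(value, dict):
        return {k: redact_locals(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_locals(v) for v in value]
    if isinstance(value, str):
        return redact_pans(value)
    if isinstance(value, int) and not isinstance(value, bool):
        s = str(abs(value))                 # a PAN stored as a bare int is still PAN-shaped
        if 13 <= len(s) <= 19 and luhn_valid(s):
            return REDACTED
    return value
```

Running the same input twice yields identical output, which is what makes the redacted locals safe to feed into a deterministic audit artifact.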

Where data lives

Reproduction runs execute in a hardened, air-gapped Docker sandbox on the machine that invoked the CLI. Sandbox containers run as the unprivileged `nobody` user with memory and PID limits and no outbound network. Generated tests, redacted frame locals, and signed audit artifacts are written under the working directory.

For pilot installations, we store the same artifact metadata in a single-region managed Postgres instance with at-rest encryption. Raw frame locals are never persisted server-side.

What we never do

We do not pull from your production database to construct a reproduction. The repro path reads frame locals captured at the crash, never live customer state.

We do not train any model on your code, your crash payloads, or your audit artifacts. The audit-artifact path itself contains no LLM call — it is deterministic from the redacted frame locals.

We do not upload your generated tests, your source code, or any non-public symbol from your codebase to a third party.

Subprocessors

CLI mode has no subprocessors — everything runs locally.

Pilot installations use Sentry (your account), GitHub (your installation), and — optionally — your Slack incoming webhook. We do not share data with any other third party.

Your controls

Pilot tenants can revoke a Sentry token, GitHub app installation, or Slack webhook at any time from the dashboard. Revocation is enforced on the next pipeline run; in-flight runs are not retroactively cancelled.

Pilot artifact metadata is deleted within 30 days of revocation. Artifacts written to your working directory in CLI mode are entirely under your control.

Security review questions

We will respond to a vendor questionnaire (CAIQ-Lite or your own template) within two business days during the pilot.