Privacy Policy

Last updated: 2026-06-09

Rally (“we”, “the Service”) is an AI software-engineering hub. This policy explains what we collect, why, and who we share it with. Contact: [your support email].

Information we collect

• Account: email address and a password (stored only as a salted hash).
• Workspace content: tasks, prompts, activity history, and project metadata you create.
• Code & repositories: when you connect a GitHub repository, we clone it transiently to run a task and push the resulting branch/PR. We do not retain long-term copies of your source beyond what is needed to perform the requested task.
• Credentials you provide: a GitHub App installation (scoped to repos you select) and, optionally, your own Anthropic API key and Google (Gmail/Calendar) authorization. Secrets are encrypted at rest.
• Usage & cost: token counts and estimated cost per request, for billing/quota.
• Device push token: if you enable notifications.

How we use it

• To authenticate you and operate your workspace.
• To perform the engineering tasks you request (analyze code, open pull requests).
• To enforce usage limits and prevent abuse.
• To send notifications you opt into (e.g. a task finished).

Third parties we share with

• Anthropic— prompts and relevant code are sent to Anthropic’s API to generate results. (If you supply your own Anthropic key, that processing is under your Anthropic account.)
• GitHub — to read/write the repositories you connect.
• Google — only if you connect Gmail/Calendar.
• Expo — to deliver push notifications.

We do not sell your personal information.

Retention & deletion

You can delete your account at any time from the app (Settings → Delete account). Deletion permanently removes your account and workspace data from our database. Transient repository checkouts are removed after each task.

Security

Traffic is served over HTTPS. Secrets (API keys, integration tokens) are encrypted at rest. No method of transmission or storage is perfectly secure.

Your rights

You may request access to or deletion of your data by deleting your account or contacting us at the address above. Depending on your location you may have additional rights under GDPR/CCPA.

This document is a template provided for development. It is not legal advice; have it reviewed by qualified counsel before a commercial launch.

Terms of Service · Sign in