What makes diffray different from other AI code review tools?

diffray uses multi-agent intelligence instead of single-model AI. Multiple specialized agents work together - Security Agent, Performance Agent, Architecture Agent, and Consistency Agent - each expert in their domain. This coordinated approach reduces false positives by 87% and catches 3x more real bugs.

How long does a code review take with diffray?

diffray provides comprehensive code reviews quickly. The multi-agent system works in parallel to analyze your code efficiently while maintaining thorough analysis.

Is diffray free for open source projects?

Yes, diffray is free forever for open source projects. We support the open source community with full access to our multi-agent code review platform.

Privacy Policy

Last updated: December 21, 2025

Introduction

Welcome to diffray ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered code review service at diffray.ai (the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Data Controller

The data controller responsible for your personal information is:

diffray, Inc.

Delaware, USA

Email: privacy@diffray.ai

1. Information We Collect

1.1 Account Information

When you sign up through GitHub OAuth, we collect:

GitHub username and email address
Profile picture/avatar
Public profile information

1.2 Usage Data

We automatically collect:

IP address, browser type, device information
Pages visited and time spent

1.3 Repository Data

When you authorize access to your repositories:

Repository names and metadata
Pull request data and source code (during review only)
Review results

1.4 Source Code Handling

Your code is never stored permanently. Each review runs in an ephemeral environment that is fully destroyed after completion.

You retain all ownership rights to your code
We will not use your code to train AI models
We will not share your code with other customers

2. How We Use Your Information

Authenticate your account and provide the Service
Analyze code and provide review suggestions
Improve our Service and develop new features
Communicate with you about updates and support

3. How We Share Your Information

We do not sell your personal information. We share data with these sub-processors:

Provider	Purpose	Location
AWS	Infrastructure	US
Anthropic	AI (Claude)	US
GitHub	Auth, repos	US
Stripe	Payments	US
Vercel	Hosting	US

For international transfers, we use Standard Contractual Clauses (SCCs) and Data Processing Agreements.

4. Data Security

Encryption in transit (TLS/SSL) and at rest
Secure authentication (OAuth 2.0)
Regular security audits

5. Data Retention

Data Type	Retention
Account data	While active + 30 days
Source code	Not stored (ephemeral only)
Repository metadata	Deleted with account
Review results	30 days
Analytics	Aggregated indefinitely

6. Your Privacy Rights

You have the right to:

Access — Request a copy of your data
Portability — Receive data in machine-readable format
Correction — Fix inaccurate information
Deletion — Request deletion of your data
Restriction — Limit processing of your data
Objection — Object to processing
Withdraw Consent — Revoke consent at any time

To exercise your rights (access, export, or deletion), contact privacy@diffray.ai. We respond within 30 days.

7. Cookies

We use essential cookies for authentication and analytics cookies to understand usage. For detailed information, see our Cookie Policy.

8. Automated Decision Making

Our AI provides suggestions only — it does not make legally significant decisions. You always have final control over any changes to your code.

9. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect their data.

10. Regional Privacy Rights

Depending on your location, additional rights may apply:

GDPR (EU/UK/Switzerland)

Legal basis: contract performance, legitimate interests, consent, legal obligation. You may lodge complaints with your local supervisory authority.

CCPA (California)

Right to know, delete, opt-out. We do not sell personal information.

LGPD (Brazil)

Rights: confirmation, access, correction, anonymization, portability, deletion, consent withdrawal.

PIPEDA (Canada)

Access, challenge accuracy, withdraw consent. Complaints to Privacy Commissioner of Canada.

Privacy Act (Australia)

Access, correction, complaints to OAIC, opt-out of direct marketing.

APPI (Japan)

Disclosure, correction, cessation of use. Complaints to PPC.

PIPA (South Korea)

Access, correction, deletion, suspension, consent withdrawal. Complaints to PIPC.

DPDP (India)

Access, correction, erasure, grievance redressal, nomination rights.

11. Enterprise Compliance Documents

We provide the following compliance documents upon request for enterprise customers:

NDA

Mutual NDA — available upon request

DPA

GDPR compliant — view online

SCC

EU transfers — available upon request

Security Questionnaire

SIG Lite supported — available upon request

Contact privacy@diffray.ai to request any compliance documentation.

12. Changes to This Policy

We may update this policy and will notify you by updating the "Last updated" date.

13. Contact Us

Questions? Contact us:

diffray, Inc.

Delaware, USA

privacy@diffray.ai